
New MacSync macOS Stealer Bypasses Gatekeeper via Signed and Notarized App
Cybersecurity researchers have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to pass Apple's Gatekeeper security checks. The variant is distributed as a purported messaging app installer, a quieter approach than the "drag-to-terminal" and "ClickFix" techniques earlier versions relied on. Its primary objective is unchanged: the theft of information from macOS systems.

The signed and notarized packaging is the notable point. Gatekeeper is the macOS control meant to prevent the execution of untrusted software, and an application that is validly signed and notarized clears that check. This distribution method signals a shift toward stealthier techniques by the attackers.

The source gives no discovery date, list of targeted entities, or quantified impact, but the technical implication stands: a malicious application can pass through Apple's notarization process and reach users with Gatekeeper's approval, which shows how hard preventing malware on macOS remains.

For cybersecurity professionals, this development underscores the importance of defense-in-depth strategies. Organizations and individual users should add further layers of protection, such as endpoint detection and response (EDR) solutions, regular system monitoring, and user education on recognizing potential threats.

The incident is also a reminder that a signed and notarized application can still be malicious. Users should exercise caution when downloading and installing software even when it appears to come from a trusted source, keep security software up to date, and monitor for unusual system activity to mitigate the risk of such threats.

In conclusion, the emergence of this new MacSync variant underscores the evolving tactics of cybercriminals and the ongoing challenges in cybersecurity. Security professionals need to stay informed about the latest threats and to implement robust security measures to protect against them.
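As an added example of the defensive point above (this is not code from the article or from any research on MacSync), the POSIX shell functions below reduce Gatekeeper's own assessment of an app bundle, the output of `spctl -a -vv -t execute`, to a verdict plus the signing Team ID, so that an "accepted, notarized" result is logged as an identity to track rather than treated as proof the app is benign. The sample `spctl` outputs, the paths and the Team ID `ABCDE12345` are constructed; on macOS you would pass the real assessment output.

```shell
#!/bin/sh
# Added example, not part of the article: reduce Gatekeeper's own assessment
# of an app bundle to a verdict plus the signing Team ID, so "accepted" is
# logged as an identity to track, not treated as proof the app is benign.
# On macOS, feed it the real assessment:
#   gk_triage "$(spctl -a -vv -t execute /path/App.app 2>&1)"
# All sample outputs, paths and the Team ID below are constructed.

# gk_verdict: classify spctl output ($1) as notarized, accepted-unnotarized,
# rejected or unknown. The notarized pattern is tested first because a
# notarized bundle's output also contains ": accepted".
gk_verdict() {
    case "$1" in
        *"source=Notarized Developer ID"*) echo notarized ;;
        *": accepted"*)                    echo accepted-unnotarized ;;
        *": rejected"*)                    echo rejected ;;
        *)                                 echo unknown ;;
    esac
}

# gk_origin: the signer shown on the "origin=" line, if any.
gk_origin() {
    printf '%s\n' "$1" | sed -n 's/^origin=//p'
}

# gk_team_id: the 10-character Team ID in parentheses at the end of "origin=".
# A notarized bundle is still tied to one signer; this is the value an EDR
# allow/deny rule or a hunt for other bundles from the same signer keys on.
gk_team_id() {
    printf '%s\n' "$1" | sed -n 's/^origin=.*(\([A-Z0-9]\{10\}\))$/\1/p'
}

# gk_triage: one log line per bundle, suitable for forwarding to a SIEM.
gk_triage() {
    printf 'verdict=%s team_id=%s origin="%s"\n' \
        "$(gk_verdict "$1")" "$(gk_team_id "$1")" "$(gk_origin "$1")"
}

# Constructed sample: a notarized Developer ID app, the shape Gatekeeper
# lets through without any user workaround.
SAMPLE_NOTARIZED='/Users/me/Downloads/Messenger.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

# Constructed sample: an unsigned bundle, which Gatekeeper blocks outright.
SAMPLE_REJECTED='/Users/me/Downloads/Unsigned.app: rejected
source=no usable signature'

gk_triage "$SAMPLE_NOTARIZED"
gk_triage "$SAMPLE_REJECTED"
```

A `notarized` verdict only records that Apple's notarization service accepted the bundle; the Team ID is what ties the bundle to a signer for blocking or for hunting related installers.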