
New MacSync Stealer Variant Bypasses macOS Security via Notarization
Jamf Threat Labs has identified a new variant of the MacSync Stealer, an infostealer targeting macOS. The malware is disguised as an application named "zk-call" and leverages official notarization to bypass macOS security protections. Its primary objective is to exfiltrate saved passwords from infected Mac devices.

The use of notarization is particularly concerning because it allows the malware to appear legitimate and bypass some of macOS's built-in security features. The incident highlights the evolving tactics of malware authors, who are increasingly exploiting legitimate processes to circumvent security measures. While the article does not provide specific details on the infection methods or distribution vectors, the impact of this malware is significant, as it can lead to the compromise of sensitive authentication data.

Organizations and individual users should remain vigilant, ensure their systems are updated with the latest security patches, and exercise caution when downloading applications from untrusted sources. This case underscores the importance of multi-layered security measures and continuous monitoring to detect and prevent such threats.