Go backdoor

MacSync Stealer operators now distribute a code-signed, notarized Swift dropper inside a disk image, removing the need for terminal interaction. The change has enabled rapid infections of macOS systems since mid-2025.