Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Mac.c

Jamf finds MacSync macOS stealer delivered in signed, notarized Swift installer

Cybercrime, Research, Vendors, Vulnerabilities

December 26, 2025

Jamf researchers found a MacSync macOS stealer variant delivered in a code-signed, notarized Swift installer inside a DMG that could bypass Gatekeeper; Apple revoked the signing certificate and analysis links the payload to the rebranded Mac.c infostealer with remote command-and-control capabilities.
MacSync Stealer shifts to signed Swift dropper, removing need for terminal commands

Cybercrime, News, Research, Risk, Vulnerabilities

December 23, 2025

MacSync Stealer operators now distribute a code-signed, notarized Swift dropper inside a disk image, removing the need for terminal interaction. The change has enabled rapid infections of macOS systems since mid-2025.

About
Editorial Policy
Privacy
Contact