SlowMist: Active macOS Info-Stealing Malware “MacSync Stealer” Discovered

SlowMist TI Alert reports that MistEye has received threat intelligence from the community regarding an active macOS information-stealing malware dubbed “MacSync Stealer” (v1.1.2). This malware targets macOS users and is capable of stealing cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH / AWS / K8s). It employs a spoofed AppleScript system dialog to trick users into entering their login password. After data exfiltration, it displays a fake “Not Supported” error message. SlowMist states it has shared relevant IOCs with its customers and urges users not to execute unverified macOS scripts and to remain vigilant against unusual system password prompts.