🚨 SlowMist TI Alert 🚨
MistEye has received threat intelligence from the community regarding an active and highly destructive macOS infostealer known as "MacSync Stealer" (v1.1.2).
Threat actors are targeting macOS users to extract sensitive data, including crypto wallets, browser credentials, system Keychains, and infrastructure keys (SSH/AWS/K8s). The malware uses fake AppleScript system dialogs to phish for login passwords and displays a fake "not supported" error after data exfiltration. We have synchronized this IOC with our clients immediately.
Please do NOT execute unverified macOS scripts and be extremely cautious of unexpected system password prompts. In the event of a suspected compromise, immediate remediation is critical: rotate all infrastructure credentials (SSH/AWS/K8s), invalidate exposed Keychains, and swiftly migrate cryptocurrency assets to secure wallets.
As always, stay vigilant!
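A triage heuristic for the password-phishing behaviour described above, as an added example that is not part of the original alert and not derived from a MacSync Stealer sample. It assumes process-exec telemetry with hypothetical `pid`, `process` and `cmdline` fields, and flags `osascript` invocations that draw a dialog with a hidden-input field; the sample events and the score weights are constructed.

```python
import re

DIALOG = re.compile(r"display\s+dialog", re.I)
HIDDEN = re.compile(r"with\s+hidden\s+answer|hidden\s+answer\s+true", re.I)
LURE = re.compile(r"password|keychain|system\s+(settings|preferences)", re.I)
DECOY = re.compile(r"not\s+supported", re.I)  # wording quoted in the alert

ALERT_THRESHOLD = 3  # assumed cut-off: only the hidden-input signal reaches it alone

def score_event(event):
    """Score one process-exec event (assumed fields: 'process', 'cmdline')."""
    cmd = event.get("cmdline", "")
    if "osascript" not in event.get("process", "") and "osascript" not in cmd:
        return 0, []
    if not DIALOG.search(cmd):
        return 0, []
    score, reasons = 0, []
    if HIDDEN.search(cmd):
        score += 3
        reasons.append("script-drawn dialog with hidden input field")
    if LURE.search(cmd):
        score += 1
        reasons.append("dialog text mentions password/Keychain/System Settings")
    if DECOY.search(cmd):
        score += 1
        reasons.append("dialog text says 'not supported'")
    return score, reasons

def triage(events):
    """Return events at or above the threshold, highest score first."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            hits.append({"pid": ev.get("pid"), "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: h["score"], reverse=True)

# Constructed sample telemetry (not taken from a real MacSync Stealer sample).
SAMPLE_EVENTS = [
    {"pid": 501, "process": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "System Settings needs your password" default answer "" with hidden answer\''},
    {"pid": 502, "process": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Backup complete" buttons {"OK"}\''},
    {"pid": 503, "process": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Your Mac is not supported" buttons {"OK"}\''},
    {"pid": 504, "process": "/bin/zsh", "cmdline": "zsh -c 'echo display dialog with hidden answer'"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The heuristic only sees script text passed on the command line; AppleScript supplied through a file or standard input needs file or script-content telemetry instead.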