netcode's User Avatar

@netcode

in /cybersecurity 19 days ago

Signup / Login

MacSync Stealer Returns: SEO Poisoning and Fake GitHub Repositories Target macOS Users

MacSync Stealer Returns: SEO Poisoning and Fake GitHub Repositories Target macOS Users | Daylight MDR Team - Featured Image

MacSync Stealer Returns: SEO Poisoning and Fake GitHub Repositories Target macOS Users | Daylight MDR Team

daylight.ai - favicondaylight.ai
TLDR

The Daylight Security MDR team is tracking an active infostealer campaign targeting macOS and Windows users. Threat actors use SEO poisoning and fake GitHub repositories to trick users into running malicious code. The campaign has been active since at least August 2025, with over 20 malicious repositories still active. The malware, known as MacSync, aggressively harvests credentials from browsers, macOS Keychain, cloud services, and cryptocurrency wallets.

2Score: 2

0 Comments