Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess

A new variant of the MacSync Stealer uses a code-signed Swift application to get around Apple's macOS Gatekeeper protections.
eWeek

Google Apps Script Vulnerability Exposes Malware Risks

Security firm Proofpoint on Jan. 4 warned of a new attack vector that could enable hackers to abuse Google Apps Script to exploit cloud users. Google Apps Script is a JavaScript-based language used ...
iDrop News

Don’t Trust the Double-Click: This Mac Malware Was ‘Approved’ by Apple

A new version of the MacSync Stealer malware has been found masquerading as a legitimate, notarized app. It bypasses standard macOS security warnings to harvest credentials and crypto wallets.
Direct Marketing News

Script kiddies targeted by fake malware builder

Tension: Inexperienced hackers crave shortcuts to power, yet the very tools that promise a shortcut often flip and claim the hackers as victims. Noise: Forums and YouTube tutorials glamorize “plug-and ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...
ZDNet

Google Apps Script vulnerability could have opened the door for malware

A vulnerability in Google Apps Script could have allowed attackers to use Google Drive as a means of discreetly delivering malware to unsuspecting victims. Google Apps Script is a JavaScript-based ...
Bleeping Computer

New 'PowerDrop' PowerShell malware targets U.S. aerospace industry

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. PowerDrop was discovered by Adlumin, who last month found a ...