Expert analysis from Ricnology
MacSync information stealer variant exploits Apple's notarization framework, distributing through digitally signed Swift applications disguised as messaging tools to bypass Gatekeeper and exfiltrate credentials and crypto wallets
Digital investigation identifies Rey as central operator managing Scattered LAPSUS$ Hunters cybercrime infrastructure, coordinating data theft operations and overseeing social engineering attacks against enterprise targets
Nomani investment fraud operation grows 62% through AI-generated deepfake celebrity endorsements on Facebook and YouTube, with ESET blocking 64,000 malicious URLs targeting cryptocurrency investors across social media platforms
MacSync information stealer variant distributes through Apple-notarized Swift applications, exploiting code signing trust mechanisms to bypass Gatekeeper protections while harvesting passwords and cryptocurrency wallet data
Digital forensics investigation reveals Rey's true identity as core administrator of Scattered LAPSUS$ Hunters criminal network, exposing operational security failures and linking attack infrastructure across multiple enterprise breaches
ESET blocks 64,000 malicious URLs linked to Nomani investment fraud campaign using AI-generated deepfake celebrity endorsements across Facebook and YouTube, representing 62% increase in fraudulent activity
MacSync information stealer exploits Apple's code signing infrastructure, leveraging notarized Swift applications disguised as messaging software to bypass Gatekeeper protections and harvest credentials
Security investigation exposes Rey's role as primary administrator of Scattered LAPSUS$ Hunters cybercrime operation, managing attack coordination, victim targeting, and criminal infrastructure operations
Nomani investment fraud campaign expands 62% across social platforms using AI deepfake technology, targeting Facebook and YouTube users with fake celebrity endorsements promoting fraudulent cryptocurrency schemes
MacSync malware variant leverages digitally signed and notarized Swift applications to evade Apple Gatekeeper detection, masquerading as legitimate messaging software to steal credentials and crypto assets
Forensic analysis confirms Rey's operational role managing Scattered LAPSUS$ Hunters attack infrastructure, coordinating social engineering operations and directing multi-target enterprise breach campaigns
Nomani cryptocurrency investment scam utilizes AI-generated deepfake celebrity endorsements to defraud thousands of victims across social media platforms, blocked 64,000 malicious URLs in 2025
