VERY IMPORTANT

A new variant of the Odyssey infostealer for macOS has been discovered, featuring code signing, notarization, and a persistent backdoor. The malware mimics a Google Meet updater and uses a SwiftUI-based 'Technician Panel' for social engineering. It steals sensitive data, including passwords, browser information, and cryptocurrency wallet contents. The stealer now includes a second-stage payload that establishes persistence and communicates with a command-and-control server. Notable features include dynamic command execution, network tunneling capabilities, and self-termination mechanisms. The malware also employs anti-analysis techniques to evade researchers. Multiple signed and notarized samples have been identified in the wild, indicating an evolution in the threat actor's tactics.