Fake Mac Clipboard App Distributes PamStealer Password-Stealing Malware

Jamf Threat Labs reported that on Thursday it identified a fake version of the Maccy clipboard manager that delivers a new Rust-based malware dubbed PamStealer. The malicious app is distributed via a lookalike website containing an AppleScript file that, when executed, harvests users' passwords and crypto wallet keys by validating login credentials through macOS Pluggable Authentication Modules (PAM).

Once installed, the malware uses JavaScript for Automation and native macOS APIs to download a second-stage payload designed for Apple Silicon Macs. It can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and request Full Disk Access to reach protected files including Mail, Messages, and Time Machine backups. Jamf has not detected active PamStealer campaigns to date but notified Apple of its findings.
