Thehackernews
New PamStealer Malware Targets Mac Users via Fake Maccy Sites
A new macOS infostealer named PamStealer has been discovered that verifies Mac login passwords before stealing sensitive data. The malware is disguised as the Maccy clipboard manager and uses AppleScript and a Rust payload to infect Macs. The infection begins with a fake website mimicking Maccy, which delivers a malicious application that checks system characteristics and retrieves a second-stage payload. PamStealer captures login credentials by displaying a fake macOS authorization prompt and validates the entered passwords through Apple's Pluggable Authentication Modules. After confirming valid credentials, it collects data such as browser cookies, clipboard contents, and cryptocurrency wallet information. The malware encrypts stolen data before transmitting it, complicating detection. It also establishes persistence by creating login items so that it relaunches automatically. Jamf Threat Labs documented this campaign, highlighting its targeted nature.
Key Points:
• PamStealer verifies login credentials before data theft, enhancing its effectiveness.
• The malware uses a fake Maccy clipboard manager site to initiate the attack.
• It targets sensitive information including browser cookies and cryptocurrency wallets.