The Hacker News
PamStealer: New macOS Infostealer Targets Users via Fake Maccy Manager
PamStealer is a newly identified macOS infostealer that masquerades as the legitimate Maccy clipboard manager. The infection runs in two stages: a malicious AppleScript executes first and downloads a Rust-based payload. Before stealing sensitive data, the malware verifies Mac login passwords using Apple's Pluggable Authentication Modules (PAM), so the credentials it steals are confirmed to be valid and therefore more useful to the attacker. The attack starts at a fraudulent website that mimics the official Maccy page and leads the victim to download a malicious disk image. Once executed, PamStealer collects browser cookies, saved credentials, clipboard contents, and more, and it also establishes persistence on the infected system. Its design relies on social engineering to convince users to enter their passwords. Jamf Threat Labs has documented the campaign, highlighting the features that set it apart from typical macOS infostealers.
Key Points:
• PamStealer disguises itself as the legitimate Maccy clipboard manager to lure victims.
• The malware verifies login credentials through Apple's PAM before stealing data.
• PamStealer collects a wide range of sensitive information, including browser cookies and clipboard contents.