According to Decrypt, on July 6, Jamf Threat Labs discovered a new Mac information stealer called PamStealer. The malware disguises itself as a fake version of the open-source clipboard manager Maccy. It lures users into running an AppleScript file containing malicious code through a counterfeit website, and then uses the macOS Pluggable Authentication Module to steal passwords. The second-stage payload, written in Rust, disguises itself as Finder or Software Update, allowing it to steal browser credentials, steal Keychain data, monitor clipboard content, and establish persistence. Jamf has not found evidence that the malware is active in the wild, but it has notified Apple. Researchers also found that on the X platform, sponsored ads promoting similar malware are being pushed using authenticated accounts.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned