Jamf Threat Labs has discovered a new Rust-based macOS information-stealing malware called PamStealer, which is being spread by pretending to be the open-source clipboard management tool Maccy. If the attack succeeds, it can steal user passwords and cryptocurrency wallet keys. Jamf states that the attack distributes disk images containing malicious AppleScript files through counterfeit websites, and uses macOS PAM to verify the victim's login password before theft; after installation, it can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and send information to a remote command-and-control server via encrypted communication. Jamf says no evidence of PamStealer being active in the wild has been found yet, and has notified Apple of its findings. (Decrypt)

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned