New Mac Malware "PamStealer" Disguises as Clipboard App, Steals User Passwords



According to analysis by cybersecurity firm Jamf Threat Labs, a new information-stealing malware named "PamStealer" is targeting Apple Mac users by impersonating the popular open-source Mac clipboard manager "Maccy."

The malware spreads through fake websites and phishing emails. Once installed, it secretly monitors the system clipboard content, specifically stealing copied passwords, cryptocurrency wallet addresses, and other sensitive information.

PamStealer mimics the legitimate interface of Maccy in functionality, but runs malicious code in the background. It can extract stored credentials from multiple browsers and cryptocurrency wallets, and also features keylogging capabilities to further expand its theft scope.

Attackers have also signed the malware with a valid Apple developer certificate, allowing it to bypass macOS's Gatekeeper security protection mechanism.

Security experts advise Mac users to only download software from official app stores or developer websites, and to be wary of any pop-up prompts requesting installation of "system updates" or "security tools."

Users who have already installed Maccy are advised to verify the app's source from its official GitHub repository, or use XProtect and third-party security software to perform a full system scan.

Apple has been notified of the abuse of this signing certificate, and the relevant malicious domains and servers are being tracked and blocked by the security community.

#MacMalware
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned