Fake Maccy site ships PamStealer, macOS infostealer built to grab passwords, Keychain data, and wallet keys


Jamf Threat Labs found PamStealer packaged as a fake Maccy clipboard manager on maccyapp[.]com, with an AppleScript dropper and a Rust second stage keyed to Apple silicon Macs. It validates the victim's login password through PAM, watches the clipboard, grabs Keychain and wallet-extension data, and can wait up to 40 minutes before pushing a fake Finder Full Disk Access prompt. Jamf told Decrypt it has not seen PamStealer active in the wild; Apple was notified and had not responded by publication.
TLDR by @Benthic
