The Hacker News, 3 min read

PamStealer Targets Mac Login Passwords Via Fake Maccy Sites

A new macOS information stealer, identified as PamStealer, has been discovered by Jamf Threat Labs, employing sophisticated methods to compromise user systems and exfiltrate sensitive data. This malware is distributed as a compiled AppleScript file, disguised to mimic Maccy, a popular open-source clipboard manager. The name PamStealer is derived from its capability to steal passwords stored within macOS's Keychain.

PamStealer operates by first tricking users into downloading a malicious version of Maccy from fake websites that closely resemble the legitimate Maccy site. Once executed, the AppleScript file initiates a series of actions. A key component of its attack involves checking the user's system for the presence of the legitimate Maccy application. If Maccy is detected, PamStealer attempts to escalate its privileges by prompting the user for their administrator password, leveraging the trust users place in software updates or installations.

Upon gaining the necessary permissions, PamStealer proceeds to access and steal credentials stored in the macOS Keychain, which includes login passwords for various applications and services. The malware is designed to be stealthy, aiming to avoid detection while it performs its data-gathering operations. The discovery highlights an ongoing trend of sophisticated malware targeting macOS users, exploiting social engineering tactics and system vulnerabilities.

Jamf Threat Labs has provided technical details on PamStealer's modus operandi, emphasizing the importance of users downloading software only from official and verified sources. The researchers also advise users to be vigilant about unexpected prompts for administrator passwords, especially when installing or updating applications. The threat underscores the need for robust cybersecurity practices on all operating systems, including macOS, which is often perceived as less susceptible to malware than other platforms.
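
A triage check for the delivery format described above, as an added example that is not code from Jamf Threat Labs or The Hacker News: it flags files that carry a Maccy-like name but whose content is compiled AppleScript. The `FasdUAS` file marker, the `maccy` name match and the sample tree are assumptions of this example, not details taken from the report.

```python
import os
import tempfile

# Assumption of this example: compiled AppleScript files start with this marker.
FASD_MAGIC = b"FasdUAS"

def is_compiled_applescript(path):
    """True when the file content starts with the compiled-AppleScript marker."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(FASD_MAGIC)) == FASD_MAGIC
    except OSError:
        return False

def find_maccy_lookalikes(root, lure="maccy"):
    """Return compiled AppleScript files whose path under root mentions the lure.

    Walking the whole tree also covers script files placed inside an .app bundle.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).lower()
            if lure in rel and is_compiled_applescript(full):
                hits.append(full)
    return sorted(hits)

def demo():
    """Build a constructed sample tree and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not artifacts from the report
            "Maccy.app/Contents/Resources/Scripts/main.scpt": b"FasdUAS 1.101.10\x0e\x00",
            "Maccy.app/Contents/Info.plist": b"<?xml version='1.0'?>",
            "Maccy-installer.scpt": b"FasdUAS 1.101.10\x0e\x00",
            "notes/backup.scpt": b"FasdUAS 1.101.10\x0e\x00",
            "Maccy.zip": b"PK\x03\x04",
        }
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return [os.path.relpath(p, root) for p in find_maccy_lookalikes(root)]

if __name__ == "__main__":
    for hit in demo():
        print("review:", hit)
```

A hit is a prompt for manual review, not a verdict: pointing `find_maccy_lookalikes` at a downloads folder lists the files to inspect before anything is opened.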
