Cryptocnews-Crypto News, Cryptocurrency News, Blockchain News, NFT News
    What's Hot

    Fake Mac Clipboard App Delivers New Password-Stealing Malware

    07/05/2026

    US Homeland Security Information Network Hit by Cyber Intruders, Exposing Sensitive Government Data

    07/05/2026

    Texas State Agency Breach Exposes Driver’s Licenses and Passports of 3 Million Residents

    07/05/2026
    Facebook Twitter Instagram
    • Business
    • Markets
    • Get In Touch
    • Our Authors
    Facebook Twitter Instagram
    Cryptocnews-Crypto News, Cryptocurrency News, Blockchain News, NFT News
    • Home
    • Business

      Kraken Plans CFTC-Regulated Perpetual Futures For US Traders

      07/04/2026

      Anthropic Bringing Claude Fable 5 Back Online as US Lifts Export Controls

      07/04/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      TRON Nile Testnet Deploys Quantum-Resistant Signature Cryptography

      07/03/2026

      Japanese Financial Giant SBI to Shut Down Bitcoin Mining Pool

      07/03/2026
    • Technology
      1. Business
      2. Insights
      3. View All

      Kraken Plans CFTC-Regulated Perpetual Futures For US Traders

      07/04/2026

      Anthropic Bringing Claude Fable 5 Back Online as US Lifts Export Controls

      07/04/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      TRON Nile Testnet Deploys Quantum-Resistant Signature Cryptography

      07/03/2026

      Bitcoin Price Analysis: The 200-Week Moving Average Decision Zone

      07/05/2026

      AppChain Thesis Dies as Aave Picks Monad Over Its Own Chain

      07/04/2026

      SEC Market Statistics Show Stronger IPO Activity In Q2 2026

      07/04/2026

      Kraken API Partner Program Targets Algorithmic Traders And Platforms

      07/04/2026

      Crypto hacks hit a record count but the biggest threat isn’t smart contracts

      07/05/2026

      Reported Riot 500 BTC custody transfer exposes Bitcoin miners’ AI funding pressure

      07/04/2026

      Inside the Trading Engine Behind ChangeNOW’s ‘Fast, Seamless Swaps’

      07/04/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026
    • Insights
      1. Bitcoin
      2. Ethereum
      3. Eurozone
      4. Monero
      5. View All

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      KuCoin Pay expands crypto payments across Bangladesh, Mexico, Zambia

      07/02/2026

      REAL launches confidential layer to expand institutional RWA adoption

      07/01/2026

      Chainlink price prediction: record network growth meets bearish technicals

      06/30/2026

      Bitcoin Price Analysis: The 200-Week Moving Average Decision Zone

      07/05/2026

      AppChain Thesis Dies as Aave Picks Monad Over Its Own Chain

      07/04/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      Sam Altman’s Worldcoin Push Ties WLD to the AI Boom

      07/03/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      Wavespace Launches MiCA-Compliant Self-Custodial Bitcoin Debit Card Powered By Lightning And NWC

      07/02/2026

      KuCoin Pay expands crypto payments across Bangladesh, Mexico, Zambia

      07/02/2026

      Bitcoin Price Reclaims $60,000 As Strategy (MSTR) And Strive (ASST) Jump More Than 10%

      07/01/2026

      Ethereum reclaims $1,650 as Ethereum Foundation cuts 20% of workforce

      07/03/2026

      KuCoin Pay expands crypto payments across Bangladesh, Mexico, Zambia

      07/02/2026

      REAL launches confidential layer to expand institutional RWA adoption

      07/01/2026

      Chainlink price prediction: record network growth meets bearish technicals

      06/30/2026

      Bitcoin Price Analysis: The 200-Week Moving Average Decision Zone

      07/05/2026

      AppChain Thesis Dies as Aave Picks Monad Over Its Own Chain

      07/04/2026

      SEC Market Statistics Show Stronger IPO Activity In Q2 2026

      07/04/2026

      Kraken API Partner Program Targets Algorithmic Traders And Platforms

      07/04/2026
    • Markets
    • Get In Touch
    Cryptocnews-Crypto News, Cryptocurrency News, Blockchain News, NFT News
    Home»Uncategorized»Fake Mac Clipboard App Delivers New Password-Stealing Malware
    Uncategorized

    Fake Mac Clipboard App Delivers New Password-Stealing Malware

    adminBy admin07/05/2026No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email



    In brief

    • Jamf Threat Labs identified a new Rust-based macOS infostealer posing as the Maccy clipboard manager.
    • The malware validates victims’ passwords through macOS PAM before stealing them.
    • Researchers also spotted ClickFix-style malware delivered through a sponsored advertisement on X.

    Mac users searching for the open-source clipboard manager Maccy are being targeted by a fake version of the app that installs a new Rust-based infostealer dubbed PamStealer, according to cybersecurity firm Jamf Threat Labs. If successful, the malware could steal users’ passwords and crypto wallet keys.

    In a report published on Thursday, Jamf Threat Labs said the campaign uses a lookalike website to distribute a disk image containing a malicious AppleScript file named Maccy.scpt. When opened, the file displays instructions telling users to run it in Apple’s Script Editor while hiding the malicious code further down the document.

    “We are tracking this malware under the name PamStealer after one of its core behaviors: validating the victim’s login password through the macOS Pluggable Authentication Modules (PAM) before harvesting it,” Jamf Threat Labs wrote.

    From there, the malware uses JavaScript for Automation and native macOS APIs to download a second-stage payload without relying on common shell utilities such as curl or zsh, reducing the number of processes security tools can observe.

    “With many stealers, we have seen attackers purchasing Google Ad space to lure users to the malicious app. We have recently observed malicious ads being hosted on X as well,” Jamf Threat Labs Director Jaron Bradley told Decrypt. “These social engineering techniques have proven to be highly successful.”

    According to the report, the second stage is a Rust-based binary designed for Apple Silicon Macs that disguises itself as Finder or Software Update.

    “Rather than storing its configuration in cleartext, the dropper derives a key from a fingerprint of the host—including its CPU architecture, locale, keyboard layout, and time zone—and uses it to unlock an encrypted, integrity-checked configuration containing the payload URL and installation path,” the company said.

    Once installed, the malware can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and send stolen information to a remote command-and-control server using encrypted communications. If it can’t verify that it’s running on its intended target, then it quietly shuts itself down.

    The malware also attempts to expand its access by displaying a fake Finder alert asking users to grant Full Disk Access. The prompt can appear up to 40 minutes after infection, making it less likely that users will associate it with the original download. If approved, the malware can access protected data, including Mail, Messages, and Time Machine backups.

    According to Bradley, Jamf has not observed any evidence that PamStealer is active in the wild; however, the company notified Apple of its findings. Apple did not immediately respond to a request for comment by Decrypt.

    Jamf said it is seeing similar social engineering techniques spread to other platforms. 

    In an X post last week, the company said it was investigating a sponsored advertisement on X promoting DynamicLake that redirected users to dynamicmacisland[.]com, where they were instructed to open Terminal and execute an installation command.

    “The advertisement was delivered through a verified X account, adding another layer of trust to the social engineering,” the firm wrote. “Analysis of the payload revealed a recent Atomic (MacSync) Stealer variant.”

    The findings come as attackers increasingly disguise malware as legitimate software and abuse trusted developer platforms and advertising channels. Recent campaigns have included a fake OpenAI repository that reached the top of Hugging Face’s trending projects before distributing a Rust-based infostealer, a malicious Visual Studio Code extension that GitHub said exposed roughly 3,800 internal repositories, and the Shai-Hulud software supply-chain campaign targeting development tools used by AI companies including OpenAI and Mistral AI.

    Daily Debrief Newsletter

    Start every day with the top news stories right now, plus original features, a podcast, videos and more.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    US Homeland Security Information Network Hit by Cyber Intruders, Exposing Sensitive Government Data

    07/05/2026

    Texas State Agency Breach Exposes Driver’s Licenses and Passports of 3 Million Residents

    07/05/2026

    Apple Accused of Misrepresenting Safari Privacy While Allowing User Tracking

    07/05/2026

    Costco Accused of Concealing Heart Risks in Kirkland Grain-Free Dog Food

    07/05/2026
    Add A Comment

    Leave A Reply Cancel Reply

    Top Posts

    Millennials Are Quitting Job to Become Day Traders

    01/20/2021

    Jack Dorsey Says Bitcoin Will Unite The World

    01/15/2021

    Hong Kong Customs Arrest Four in Crypto Laundering Bust

    01/15/2021

    Subscribe to Updates

    Get the latest sports news from SportsSite about soccer, football and tennis.

    Advertisement
    Demo
    Facebook Twitter Instagram Pinterest YouTube
    Top Insights

    Fake Mac Clipboard App Delivers New Password-Stealing Malware

    07/05/2026

    US Homeland Security Information Network Hit by Cyber Intruders, Exposing Sensitive Government Data

    07/05/2026
    Get Informed

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    © {2025-2026} Copyright CryptocNews.com
    • Home
    • Business
    • Markets
    • Technology
    • Contact us

    Type above and press Enter to search. Press Esc to cancel.