DeFi Daily News
Sunday, July 5, 2026

Fake Mac Clipboard App Delivers New Password-Stealing Malware – Decrypt

by Jason Nelson
July 5, 2026
in Web 3
In brief

  • Jamf Threat Labs identified a new Rust-based macOS infostealer posing as the Maccy clipboard manager.
  • The malware validates victims’ passwords through macOS PAM before stealing them.
  • Researchers also spotted ClickFix-style malware delivered through a sponsored advertisement on X.

Mac users searching for the open-source clipboard manager Maccy are being targeted by a fake version of the app that installs a new Rust-based infostealer dubbed PamStealer, according to cybersecurity firm Jamf Threat Labs. If successful, the malware could steal users’ passwords and crypto wallet keys.

In a report published on Thursday, Jamf Threat Labs said the campaign uses a lookalike website to distribute a disk image containing a malicious AppleScript file named Maccy.scpt. When opened, the file displays instructions telling users to run it in Apple’s Script Editor while hiding the malicious code further down the document.

“We are tracking this malware under the name PamStealer after one of its core behaviors: validating the victim’s login password through the macOS Pluggable Authentication Modules (PAM) before harvesting it,” Jamf Threat Labs wrote.

From there, the malware uses JavaScript for Automation and native macOS APIs to download a second-stage payload without relying on common shell utilities such as curl or zsh, reducing the number of processes security tools can observe.
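For defenders triaging a suspect script file, the two traits described above (code pushed below a long blank gap, and networking done through native APIs rather than shell utilities) can be checked on the script's text, for example after running `osadecompile` on it. This is an added example, not code from Jamf or the original article; the token lists, the `min_gap` threshold and the sample strings are constructed assumptions.

```python
# Triage heuristic for a plain-text (or osadecompile'd) script lure.
# Token lists are illustrative assumptions, not indicators from the Jamf report.
NATIVE_NET_TOKENS = ("ObjC.import", "$.NSURL", "NSURLSession", "dataWithContentsOfURL")
SHELL_TOKENS = ("do shell script", "curl ", "/bin/zsh")


def triage_script(source, min_gap=25):
    """Flag code that resumes after a long run of blank lines.

    min_gap is a hypothetical threshold: the number of consecutive blank
    lines needed to push later code out of the initial Script Editor view.
    """
    lines = source.splitlines()
    hidden_line, hidden_gap, gap, seen_text = None, 0, 0, False
    for number, line in enumerate(lines, 1):
        if not line.strip():
            gap += 1
            continue
        if seen_text and gap >= min_gap and hidden_line is None:
            hidden_line, hidden_gap = number, gap
        seen_text, gap = True, 0

    # Only inspect what sits below the padding; the visible part is the lure text.
    tail = "\n".join(lines[hidden_line - 1:]) if hidden_line else ""
    native = [t for t in NATIVE_NET_TOKENS if t in tail]
    shell = [t for t in SHELL_TOKENS if t in tail]
    return {
        "hidden_code_line": hidden_line,
        "blank_gap": hidden_gap,
        "native_net_tokens": native,
        # No shell tokens plus native networking means process-based rules
        # keyed on curl/zsh children would not fire for this script.
        "evades_shell_rules": bool(native) and not shell,
        "suspicious": hidden_line is not None and bool(native or shell),
    }


# Constructed sample: visible instructions, 40 blank lines, then an inert stub.
SAMPLE_LURE = (
    "-- Maccy installer\n"
    "-- Click the Run button in Script Editor to install.\n"
    + "\n" * 40
    + "ObjC.import('Foundation')\n"
    "var u = $.NSURL.URLWithString('https://example.invalid/placeholder')\n"
)
BENIGN = "-- Tidy clipboard\nset the clipboard to \"\"\n\n\ndisplay dialog \"Done\"\n"

if __name__ == "__main__":
    print(triage_script(SAMPLE_LURE))
    print(triage_script(BENIGN))
```

A hit from this heuristic is a reason to inspect the file by hand, not a verdict; legitimate scripts can also contain long blank runs.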



“With many stealers, we have seen attackers purchasing Google Ad space to lure users to the malicious app. We have recently observed malicious ads being hosted on X as well,” Jamf Threat Labs Director Jaron Bradley told Decrypt. “These social engineering techniques have proven to be highly successful.”

According to the report, the second stage is a Rust-based binary designed for Apple Silicon Macs that disguises itself as Finder or Software Update.

“Rather than storing its configuration in cleartext, the dropper derives a key from a fingerprint of the host—including its CPU architecture, locale, keyboard layout, and time zone—and uses it to unlock an encrypted, integrity-checked configuration containing the payload URL and installation path,” the company said.

Once installed, the malware can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and send stolen information to a remote command-and-control server using encrypted communications. If it can’t verify that it’s running on its intended target, then it quietly shuts itself down.

The malware also attempts to expand its access by displaying a fake Finder alert asking users to grant Full Disk Access. The prompt can appear up to 40 minutes after infection, making it less likely that users will associate it with the original download. If approved, the malware can access protected data, including Mail, Messages, and Time Machine backups.

According to Bradley, Jamf has not observed any evidence that PamStealer is active in the wild; however, the company notified Apple of its findings. Apple did not immediately respond to a request for comment by Decrypt.

Jamf said it is seeing similar social engineering techniques spread to other platforms. 

In an X post last week, the company said it was investigating a sponsored advertisement on X promoting DynamicLake that redirected users to dynamicmacisland[.]com, where they were instructed to open Terminal and execute an installation command.

“The advertisement was delivered through a verified X account, adding another layer of trust to the social engineering,” the firm wrote. “Analysis of the payload revealed a recent Atomic (MacSync) Stealer variant.”

The findings come as attackers increasingly disguise malware as legitimate software and abuse trusted developer platforms and advertising channels. Recent campaigns have included a fake OpenAI repository that reached the top of Hugging Face’s trending projects before distributing a Rust-based infostealer, a malicious Visual Studio Code extension that GitHub said exposed roughly 3,800 internal repositories, and the Shai-Hulud software supply-chain campaign targeting development tools used by AI companies including OpenAI and Mistral AI.

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.
