hacker-news · Crawled Jul 5, 2026
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
AI Summary
PamStealer is a new macOS information stealer distributed via fake websites that impersonate Maccy, a legitimate clipboard manager. It uses a two-stage infection chain: a malicious AppleScript dropper downloads a Rust-based payload. The malware validates the victim's login password using macOS PAM, establishes persistence, and steals credentials, browser data, cryptocurrency wallets, and iCloud Keychain contents before exfiltrating them to attacker-controlled servers.
AI-extracted · verify before operational use