2d ago · hacker-news
PamStealer is a new macOS information stealer distributed via fake websites impersonating Maccy, a legitimate clipboard manager. It uses a two-stage infection chain, starting with a malicious AppleScript dropper that downloads a Rust-based payload. The malware validates the victim's login password using macOS PAM, establishes persistence, and steals credentials, browser data, cryptocurrency wallets, and iCloud Keychain contents before exfiltrating them to attacker-controlled servers.