The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords.

The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords.

      PamStealer malware is posing as Maccy to target Mac users

      A counterfeit version of Maccy, a well-known clipboard manager for macOS, is being utilized to spread a newly identified strain of Mac malware named PamStealer. Researchers from Jamf report that the malware masquerades as the genuine open-source application, but its true aim is to steal sensitive data and capture victims' login passwords.

      PamStealer is delivered as a disk image containing an AppleScript file that pretends to be Maccy. When the user opens this file, macOS executes it in Script Editor, where on-screen instructions prompt them to press Command-R. To those anticipating a standard app installation, this might seem like an unusual setup step. However, this action executes concealed malware code and initiates the attack.

      A deceptive Maccy installer prompts users to press Command-R or click Run, commencing the attack.

      The initial phase of the attack is designed to remain discreet. Instead of utilizing common Mac command-line tools that security teams typically monitor, the malware employs Apple’s own automation features to download and execute the next stage.

      The malware's payload then conceals itself within application bundles that imitate real macOS components. Jamf identified samples posing as Finder or Software Update. These counterfeit components operate in the background and utilize Apple’s Finder icon, enhancing the attack's credibility.

      The password prompt poses the greatest risk

      PamStealer's most concerning tactic is its password prompt. The malware displays a dialog resembling a native Mac alert, claiming that Maccy needs to make changes and requests the user to input a password. The password is verified through macOS’s login validation system. If the input is incorrect, the prompt reappears. Once the correct password is provided, the malware captures it and shows a misleading message stating that Maccy is damaged and cannot be opened.

      Researchers discovered that PamStealer can also monitor the clipboard, register itself to run again upon login, and subsequently request Full Disk Access. During testing, this prompt sometimes appeared as much as 40 minutes later, complicating the connection between the request and the fake installer.

      Official channels for Maccy are now cautioning users about counterfeit websites and advising them to visit maccy.app as the sole legitimate source for the app.

      I have about four years of experience, primarily focusing on gaming, PC hardware, and smartphones. In my spare time, I enjoy...

      I utilized ASUS’ dual-screen laptop as a portable creative workstation, while my desktop PC gathered dust.

      The Zenbook Duo may be the creative setup I desired in college.

      With laptops, brands are consistently trying to balance portability with workspace efficiency. The ASUS Zenbook Duo UX8407AA aims to eliminate that dilemma by offering a compact design that encompasses an entire setup. I employed the Zenbook Duo as a creative device, mainly working with design applications, illustration, writing, and multitasking. The model I tested features Intel’s Core Ultra 7 355 processor, paired with 32GB of RAM and a 1TB SSD, providing sufficient power to handle Photoshop and Animate for sketches and animations without a hitch.

      Read more

      A new technology that teaches drones to sense pain could prevent your self-driving car from damaging itself.

      Drones will be first, followed by autonomous vehicles. A pain-detection system that identifies issues before they occur could have significant implications for self-driving cars.

      When you sprain an ankle while running, your body sends pain signals to your brain, compelling you to stop. Essentially, the capacity to feel pain prevents you from exacerbating the injury and causing more harm. Researchers at Delft University of Technology and Wageningen University have applied this concept to drones, equipping them with a digital representation of a nervous system that recognizes faulty components and generates a pain-like warning signal. Interestingly, this technology could also be applied to self-driving vehicles.

      Read more

      Claude Fable 5 is moving away from subscriptions, but this might not be a permanent change.

      High demand is prompting Claude Fable 5 to suspend subscriptions for the time being.

      Anthropic’s most advanced publicly available Claude model will cease standard subscription access after July 7, but the company is attempting to reassure users that this change may not be permanent. Fable 5 has recently returned to Claude following scrutiny from the U.S. government. Anthropic stated that it would be included in Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits until July 7. After this date, the model will transition to usage-credit billing, meaning users will incur charges for access beyond their standard plan limits.

      Read more

The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords. The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords.

Other articles

A novel technology that enables drones to experience pain may prevent your self-driving car from inflicting harm on itself. A novel technology that enables drones to experience pain may prevent your self-driving car from inflicting harm on itself. The same real-time early warning signals that help prevent drones from losing control might eventually notify your self-driving car when something is about to go awry. Google Maps might soon allow you to order food for you through Gemini. Google Maps might soon allow you to order food for you through Gemini. According to reports, Google Maps is working on a feature powered by Gemini that may enable users to find restaurants and place food orders without exiting the app. Sony might have been slowly undermining physical PlayStation games for quite some time. Sony might have been slowly undermining physical PlayStation games for quite some time. Sony's disc manufacturing facility has been updating the skills of its employees to work with microlenses, indicating that the strategy to phase out physical game discs may have been in preparation for some time prior to the public announcement. The BYD Seal 08 is making waves with a price tag below $30,000, offering a serious competition to the Tesla Model 3. The BYD Seal 08 is making waves with a price tag below $30,000, offering a serious competition to the Tesla Model 3. BYD introduced all of these features, including zero-gravity seats, a 26-inch AR display, and a PHEV range of 1,660 km, for less than $30,000 in China. A recent technological advancement that enables drones to experience pain may prevent your self-driving car from causing itself harm. A recent technological advancement that enables drones to experience pain may prevent your self-driving car from causing itself harm. The same real-time early warning signals that help drones maintain control might someday inform your self-driving car that something is about to go awry. A novel technology that enables drones to experience pain could prevent your self-driving car from causing harm to itself. A novel technology that enables drones to experience pain could prevent your self-driving car from causing harm to itself. The same real-time early warning signals that help prevent drones from losing control may eventually inform your self-driving car when something is likely to go awry.

The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords.

Maccy users have been cautioned about fraudulent websites, as researchers discovered malware that uses the app's name to obtain Mac login credentials.