The macOS clipboard application Maccy has a counterfeit version that is attempting to steal passwords.
PamStealer malware is posing as Maccy to target Mac users
A counterfeit version of Maccy, a well-known clipboard manager for macOS, is being utilized to spread a newly identified strain of Mac malware named PamStealer. Researchers from Jamf report that the malware masquerades as the genuine open-source application, but its true aim is to steal sensitive data and capture victims' login passwords.
PamStealer is delivered as a disk image containing an AppleScript file that pretends to be Maccy. When the user opens this file, macOS executes it in Script Editor, where on-screen instructions prompt them to press Command-R. To those anticipating a standard app installation, this might seem like an unusual setup step. However, this action executes concealed malware code and initiates the attack.
A deceptive Maccy installer prompts users to press Command-R or click Run, commencing the attack.
The initial phase of the attack is designed to remain discreet. Instead of utilizing common Mac command-line tools that security teams typically monitor, the malware employs Apple’s own automation features to download and execute the next stage.
The malware's payload then conceals itself within application bundles that imitate real macOS components. Jamf identified samples posing as Finder or Software Update. These counterfeit components operate in the background and utilize Apple’s Finder icon, enhancing the attack's credibility.
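A defender-side check for the disguise described above, as an added example that is not taken from Jamf's research or from this article's source: it walks a directory tree and flags application bundles that present themselves as Finder or Software Update from outside the system location. The `/System/` prefix, the function names and the sample tree are assumptions made for illustration.

```python
import os
import plistlib
import tempfile

# Names the article says the samples posed as (compared case-insensitively).
IMPERSONATED = {"finder", "software update"}
# Assumption: the genuine components live under /System/.
TRUSTED_PREFIX = "/System/"

def bundle_names(app_path):
    """Names a bundle presents: its folder name plus Info.plist name keys."""
    names = {os.path.basename(app_path)[:-len(".app")].lower()}
    try:
        with open(os.path.join(app_path, "Contents", "Info.plist"), "rb") as fh:
            info = plistlib.load(fh)
    except Exception:  # missing or malformed plist: use the folder name only
        info = {}
    for key in ("CFBundleName", "CFBundleDisplayName"):
        value = info.get(key) if isinstance(info, dict) else None
        if isinstance(value, str):
            names.add(value.lower())
    return names

def find_impersonators(root, trusted_prefix=TRUSTED_PREFIX):
    """List .app bundles under root that use a protected name outside trusted_prefix."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in [d for d in dirnames if d.endswith(".app")]:
            full = os.path.join(dirpath, d)
            if os.path.realpath(full).startswith(trusted_prefix):
                continue
            matched = bundle_names(full) & IMPERSONATED
            if matched:
                hits.append((full, sorted(matched)))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample data: one bundle named like Finder, one unrelated."""
    root = tempfile.mkdtemp()
    for folder, name in (("Helper.app", "Finder"), ("Notes Tool.app", "Notes Tool")):
        contents = os.path.join(root, "Library", folder, "Contents")
        os.makedirs(contents)
        with open(os.path.join(contents, "Info.plist"), "wb") as fh:
            plistlib.dump({"CFBundleName": name}, fh)
    return root

if __name__ == "__main__":
    for path, names in find_impersonators(build_sample_tree()):
        print(path, names)
```

A hit is a lead for triage rather than a verdict; checking the flagged bundle's code signature is the natural next step.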
The password prompt poses the greatest risk
PamStealer's most concerning tactic is its password prompt. The malware displays a dialog resembling a native Mac alert, which claims that Maccy needs to make changes and asks the user to enter a password. The password is verified through macOS’s login validation system. If the input is incorrect, the prompt reappears. Once the correct password is provided, the malware captures it and shows a misleading message stating that Maccy is damaged and cannot be opened.
Researchers discovered that PamStealer can also monitor the clipboard, register itself to run again upon login, and subsequently request Full Disk Access. During testing, this prompt sometimes appeared as much as 40 minutes later, complicating the connection between the request and the fake installer.
Official channels for Maccy are now cautioning users about counterfeit websites and advising them to visit maccy.app as the sole legitimate source for the app.
