Close Menu
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
  • Home
  • News
    • Politics
    • Legal & Courts
    • Tech & Big Tech
    • Campus & Education
    • Media & Culture
    • Global Free Speech
  • Opinions
    • Debates
  • Video/Live
  • Community
  • Freedom Index
  • About
    • Mission
    • Contact
    • Support
Trending

Collateral, not yield, will decide which stablecoins win

5 minutes ago

Can Bitcoin Price Action Avoid Another ‘Absolutely Terrible’ Monday at $63,000?

7 minutes ago

Fake Mac Clipboard App Delivers New Password-Stealing Malware

8 minutes ago
Facebook X (Twitter) Instagram
Facebook X (Twitter) Discord Telegram
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
Market Data Newsletter
Sunday, July 5
  • Home
  • News
    • Politics
    • Legal & Courts
    • Tech & Big Tech
    • Campus & Education
    • Media & Culture
    • Global Free Speech
  • Opinions
    • Debates
  • Video/Live
  • Community
  • Freedom Index
  • About
    • Mission
    • Contact
    • Support
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
Home»Cryptocurrency & Free Speech Finance»Fake Mac Clipboard App Delivers New Password-Stealing Malware
Cryptocurrency & Free Speech Finance

Fake Mac Clipboard App Delivers New Password-Stealing Malware

News RoomBy News Room8 minutes agoNo Comments4 Mins Read706 Views
Share Facebook Twitter Pinterest Copy Link LinkedIn Tumblr Email VKontakte Telegram
Fake Mac Clipboard App Delivers New Password-Stealing Malware
Share
Facebook Twitter Pinterest Email Copy Link

Listen to the article

0:00
0:00

Key Takeaways

Playback Speed

Select a Voice

In brief

  • Jamf Threat Labs identified a new Rust-based macOS infostealer posing as the Maccy clipboard manager.
  • The malware validates victims’ passwords through macOS PAM before stealing them.
  • Researchers also spotted ClickFix-style malware delivered through a sponsored advertisement on X.

Mac users searching for the open-source clipboard manager Maccy are being targeted by a fake version of the app that installs a new Rust-based infostealer dubbed PamStealer, according to cybersecurity firm Jamf Threat Labs. If successful, the malware could steal users’ passwords and crypto wallet keys.

In a report published on Thursday, Jamf Threat Labs said the campaign uses a lookalike website to distribute a disk image containing a malicious AppleScript file named Maccy.scpt. When opened, the file displays instructions telling users to run it in Apple’s Script Editor while hiding the malicious code further down the document.

“We are tracking this malware under the name PamStealer after one of its core behaviors: validating the victim’s login password through the macOS Pluggable Authentication Modules (PAM) before harvesting it,” Jamf Threat Labs wrote.

From there, the malware uses JavaScript for Automation and native macOS APIs to download a second-stage payload without relying on common shell utilities such as curl or zsh, reducing the number of processes security tools can observe.

“With many stealers, we have seen attackers purchasing Google Ad space to lure users to the malicious app. We have recently observed malicious ads being hosted on X as well,” Jamf Threat Labs Director Jaron Bradley told Decrypt. “These social engineering techniques have proven to be highly successful.”

According to the report, the second stage is a Rust-based binary designed for Apple Silicon Macs that disguises itself as Finder or Software Update.

“Rather than storing its configuration in cleartext, the dropper derives a key from a fingerprint of the host—including its CPU architecture, locale, keyboard layout, and time zone—and uses it to unlock an encrypted, integrity-checked configuration containing the payload URL and installation path,” the company said.

Once installed, the malware can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and send stolen information to a remote command-and-control server using encrypted communications. If it can’t verify that it’s running on its intended target, then it quietly shuts itself down.

The malware also attempts to expand its access by displaying a fake Finder alert asking users to grant Full Disk Access. The prompt can appear up to 40 minutes after infection, making it less likely that users will associate it with the original download. If approved, the malware can access protected data, including Mail, Messages, and Time Machine backups.

According to Bradley, Jamf has not observed any evidence that PamStealer is active in the wild; however, the company notified Apple of its findings. Apple did not immediately respond to a request for comment by Decrypt.

Jamf said it is seeing similar social engineering techniques spread to other platforms. 

In an X post last week, the company said it was investigating a sponsored advertisement on X promoting DynamicLake that redirected users to dynamicmacisland[.]com, where they were instructed to open Terminal and execute an installation command.

“The advertisement was delivered through a verified X account, adding another layer of trust to the social engineering,” the firm wrote. “Analysis of the payload revealed a recent Atomic (MacSync) Stealer variant.”

The findings come as attackers increasingly disguise malware as legitimate software and abuse trusted developer platforms and advertising channels. Recent campaigns have included a fake OpenAI repository that reached the top of Hugging Face’s trending projects before distributing a Rust-based infostealer, a malicious Visual Studio Code extension that GitHub said exposed roughly 3,800 internal repositories, and the Shai-Hulud software supply-chain campaign targeting development tools used by AI companies including OpenAI and Mistral AI.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Read the full article here

Fact Checker

Verify the accuracy of this article using AI-powered analysis and real-time sources.

Get Your Fact Check Report

Enter your email to receive detailed fact-checking analysis

5 free reports remaining

Continue with Full Access

You've used your 5 free reports. Sign up for unlimited access!

Already have an account? Sign in here

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Telegram Copy Link
News Room
  • Website
  • Facebook
  • X (Twitter)
  • Instagram
  • LinkedIn

The FSNN News Room is the voice of our in-house journalists, editors, and researchers. We deliver timely, unbiased reporting at the crossroads of finance, cryptocurrency, and global politics, providing clear, fact-driven analysis free from agendas.

Related Articles

Cryptocurrency & Free Speech Finance

Collateral, not yield, will decide which stablecoins win

5 minutes ago
Cryptocurrency & Free Speech Finance

Can Bitcoin Price Action Avoid Another ‘Absolutely Terrible’ Monday at $63,000?

7 minutes ago
Cryptocurrency & Free Speech Finance

Americans traded $571 million on Polymarket politic bets despite U.S. ban

1 hour ago
Cryptocurrency & Free Speech Finance

How big banks plan to capture a quadrillion-dollar market

2 hours ago
Media & Culture

America Was Not Founded by ‘Tariff Men,’ Contrary to This Painting in Trump’s White House

3 hours ago
Cryptocurrency & Free Speech Finance

Kalshi, state cases from the past week

3 hours ago
Add A Comment
Leave A Reply Cancel Reply

Editors Picks

Can Bitcoin Price Action Avoid Another ‘Absolutely Terrible’ Monday at $63,000?

7 minutes ago

Fake Mac Clipboard App Delivers New Password-Stealing Malware

8 minutes ago

Americans traded $571 million on Polymarket politic bets despite U.S. ban

1 hour ago

How big banks plan to capture a quadrillion-dollar market

2 hours ago
Latest Posts

America Was Not Founded by ‘Tariff Men,’ Contrary to This Painting in Trump’s White House

3 hours ago

Kalshi, state cases from the past week

3 hours ago

No Shoes, No Service, Even if You Claim a Disability

4 hours ago

Subscribe to News

Get the latest news and updates directly to your inbox.

At FSNN – Free Speech News Network, we deliver unfiltered reporting and in-depth analysis on the stories that matter most. From breaking headlines to global perspectives, our mission is to keep you informed, empowered, and connected.

FSNN.net is owned and operated by GlobalBoost Media
, an independent media organization dedicated to advancing transparency, free expression, and factual journalism across the digital landscape.

Facebook X (Twitter) Discord Telegram
Latest News

Collateral, not yield, will decide which stablecoins win

5 minutes ago

Can Bitcoin Price Action Avoid Another ‘Absolutely Terrible’ Monday at $63,000?

7 minutes ago

Fake Mac Clipboard App Delivers New Password-Stealing Malware

8 minutes ago

Subscribe to Updates

Get the latest news and updates directly to your inbox.

© 2026 GlobalBoost Media. All Rights Reserved.
  • Privacy Policy
  • Terms of Service
  • Our Authors
  • Contact

Type above and press Enter to search. Press Esc to cancel.

🍪

Cookies

We and our selected partners wish to use cookies to collect information about you for functional purposes and statistical marketing. You may not give us your consent for certain purposes by selecting an option and you can withdraw your consent at any time via the cookie icon.

Cookie Preferences

Manage Cookies

Cookies are small text that can be used by websites to make the user experience more efficient. The law states that we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. This site uses various types of cookies. Some cookies are placed by third party services that appear on our pages.

Your permission applies to the following domains:

  • https://fsnn.net
Necessary
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistic
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preferences
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.