AppleScript
Coverage of AppleScript in the Nexus archive.
- PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers identified PamStealer, a macOS information stealer distributed via fake Maccy AppleScript files. It uses PAM checks to steal Mac login passwords, discovered by Jamf Threat Labs.
- SHub macOS infostealer variant spoofs Apple security updates
A new variant of the SHub macOS infostealer has been discovered, using AppleScript to display a fake security update message and installing a backdoor on affected systems. This malware targets macOS devices, posing as a legitimate security update from Apple. The goal is to steal sensitive information from compromised machines.
- macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
A macOS ClickFix campaign uses AppleScript-based infostealers to steal credentials and session cookies from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. The attack targets macOS users, harvesting sensitive data including browser sessions and cryptocurrency information.