A lookalike of an open-source clipboard manager is being used as a lure for a macOS infostealer that leans on native automation, local password checks, and clipboard scraping.
A disguised Mac utility, a two-stage payload, and local password validation through PAM reveal a stealthier playbook for credential theft.
A compiled AppleScript lure, a cloned download page, and a local authentication check show how macOS trust can be turned against the user.