PAMSTEALER is a newly discovered macOS infostealer, identified by Jamf Threat Labs, which masquerades as a fake Maccy clipboard app. This Rust-based malware targets Apple Silicon Mac users and employs a two-stage infection process. The first stage uses an AppleScript dropper to download the actual Rust payload, which mimics Finder to steal sensitive information including passwords, browser data, and clipboard contents.
It leverages Apple's PAM framework to verify login credentials before exfiltrating data to its command-and-control server using encrypted communications. To defend against this threat, users should be cautious of suspicious compiled script files and unexpected password prompts.