securityonline.info 7/10/2026, 8:40:57 AM · external

PamStealer macOS Malware Poses as Maccy to Steal Passwords

PamStealer macOS Malware Poses as Maccy to Steal Passwords
Developing story malware 2 articles tracked
PamStealer macOS malware steals credentials via fake Maccy app
CyberSIXT Evidence Panel
Primary Source jamf.com

PAMSTEALER is a newly discovered macOS infostealer, identified by Jamf Threat Labs, which masquerades as a fake Maccy clipboard app. This Rust-based malware targets Apple Silicon Mac users and employs a two-stage infection process. The first stage uses an AppleScript dropper to download the actual Rust payload, which mimics Finder to steal sensitive information including passwords, browser data, and clipboard contents.

It leverages Apple's PAM framework to verify login credentials before exfiltrating data to its command-and-control server using encrypted communications. To defend against this threat, users should be cautious of suspicious compiled script files and unexpected password prompts.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline