PamStealer: New macOS Infostealer Targets Users via Fake Maccy Manager

PamStealer: New macOS Infostealer Targets Users via Fake Maccy Manager

First seen 3 Jul 2026, 09:25 UTC AppleinsiderThehackernewsFeeds.4Sysopswww.jamf.comthehacker.news 86% similarity 67.5
Share:

Article Content

Browse articles
ThreatCluster

PamStealer is a newly identified macOS infostealer that masquerades as the legitimate Maccy clipboard manager. The malware employs a two-stage attack method, starting with a malicious AppleScript that downloads a Rust-based payload. It verifies Mac login passwords using Apple's Pluggable Authentication Modules (PAM) before stealing sensitive data, enhancing the effectiveness of stolen credentials. The attack vector involves a fraudulent website mimicking the official Maccy page, leading to the download of a malicious disk image. Once executed, PamStealer collects browser cookies, saved credentials, clipboard contents, and more, while also establishing persistence on the infected system. The malware's design incorporates social engineering tactics to convince users to enter their passwords. Jamf Threat Labs has documented this campaign, emphasizing its unique features compared to typical macOS infostealers.

Key Points: • PamStealer disguises itself as the legitimate Maccy clipboard manager to lure victims. • The malware verifies login credentials through Apple's PAM before stealing data. • PamStealer collects a wide range of sensitive information, including browser cookies and clipboard contents.

ThreatCluster AI

Timeline

2026-07-02
PamStealer identified by Jamf Threat Labs
Researchers documented the new macOS infostealer that verifies passwords before data theft.
Appleinsider
2026-07-03
PamStealer attack method detailed
Jamf Threat Labs released findings on PamStealer's two-stage attack and its unique password verification feature.
www.jamf.com
2026-07-03
Malware uses social engineering tactics
PamStealer tricks users into entering their passwords by displaying a fake macOS authorization prompt.
Appleinsider

Community

Browse all →