logo

New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App

ID: 4b5e79b6-197c-58cc-85a8-98e15a848769

STIX ID: report--4b5e79b6-197c-58cc-85a8-98e15a848769

Feed Name: HackRead

Threat Score
72/100

Date Published: 2026-07-03

Date Updated: 2026-07-03

Author: Waqas

...
...

Jamf Threat Labs identified a macOS-focused campaign distributing a Rust-based infostealer called PamStealer via a fake Maccy clipboard app delivered in a disk image; the dropper uses obfuscated AppleScript and JavaScript for Automation to download a staged payload, enforces Apple Silicon and regional checks, requests account passwords via a native-looking prompt (verified through PAM), pushes for Full Disk Access, persists as a fake Finder bundle, exfiltrates browser, keychain and clipboard data to an encrypted C2, and leaves several forensic indicators (script-triggered signing, pbpaste usage, login item entries, cache records).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.