Skip to main content
4th of July Sale — Get 40% off Vantage subscriptions
Published loading...Updated

Newly Discovered PamStealer Isn't Your Typical macOS Malware

Jamf said the malware uses AppleScript and a Rust-based second stage to bypass macOS protections and steal passwords, with a fake Maccy site hosting the lure.

  • Security researchers discovered PamStealer, a new macOS malware that masquerades as the legitimate clipboard manager Maccy to harvest user login credentials.
  • Distributed in a disk image, the malware tricks users into executing malicious code hidden within an AppleScript file, which installs the payload onto the device.
  • Utilizing a Rust-based second stage, the malware masquerades as Finder and stays hidden for up to forty minutes, effectively bypassing standard macOS security features.
  • Using the Pluggable Authentication Modules interface, PamStealer validates stolen credentials locally and sends the data to an attacker-controlled server.
  • Users can mitigate risks by verifying website URLs, utilizing the Apple App Store, and relying on built-in security features like XProtect.
Insights by Ground AI

13 Articles

The idea that Apple computers are completely protected against malware no longer corresponds to reality. Although macOS has several layers of security, criminals have developed increasingly sophisticated campaigns to circumvent these protections by exploiting the user's own behavior. PamStealer's case, a new malware directed at macOS, shows how modern attacks combine social engineering, native code and circumvention techniques to compromise syst…

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe
4th of July SaleGet 40% off Vantage subscriptions for yourself or a friend.Get Started

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

AppleInsider broke the news on Thursday, July 2, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

News
Feed Dots Icon
For You
Search Icon
Search
Blindspot LogoBlindspotLocal