Cybersecurity researchers at Jamf Threat Labs have uncovered a new macOS malware campaign. Attackers are using a fake version of the popular open-source clipboard manager Maccy to distribute a new infostealer dubbed PamStealer.
The malicious software, written in Rust, validates victims' passwords through macOS's Pluggable Authentication Modules before stealing them. The campaign uses a lookalike website to distribute a disk image containing a malicious AppleScript file.
"These social engineering techniques have proven to be highly successful," said Jaron Bradley, Jamf Threat Labs Director. The malware can steal browser credentials and Keychain data, and it monitors clipboard contents for crypto wallet keys.
Jamf also reported seeing a sponsored advertisement on the social media platform X that distributed another infostealer variant called Atomic Stealer.
The findings highlight a growing trend of attackers disguising malware as legitimate software and abusing trusted platforms for distribution.