New Mac infostealer confirms stolen passwords before stealing data
appleinsider.com Jul 2, 2026

AI-summarised brief · reviewed before publication

Researchers at Jamf Threat Labs have discovered a new macOS infostealer called PamStealer, which verifies Mac login passwords before stealing sensitive data. PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs. The malware campaign starts with a fake website imitating the legitimate Maccy clipboard manager, delivering a malicious AppleScript application. PamStealer confirms the validity of stolen passwords through Apple's Pluggable Authentication Modules, setting it apart from other macOS infostealers. This unique feature allows attackers to immediately confirm compromised credentials. The discovery highlights a new threat to macOS users.

💡 Why It Matters

  • PamStealer's password verification capability gives attackers a significant advantage in exploiting stolen credentials.
  • It enables them to focus on high-value targets with confirmed valid login information.