New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App

https://hackread.com/wp-content/uploads/2026/07/pamstealer-malware-macos-fake-maccy-clipboard-app-3.jpg

Mac users searching for a clipboard manager are being redirected to a fake version of Maccy, an open-source app, in a campaign that installs a Rust-based infostealer called PamStealer.

Jamf Threat Labs reported that the malware is served from maccyapp(.)com, a lookalike domain made to impersonate the legitimate Maccy project.

Malwareanalysis reports

Researchers named the malware PamStealer because it checks a victim’s login password via macOS Pluggable Authentication Modules (PAM) before retaining it.

AppleScript Starts the Infection Chain

The attack starts with a disk image containing a compiled AppleScript file named Maccy.scpt. When opened, the file shows branded instructions that tell the user to run the script in Script Editor, while the malicious logic sits far below the visible text after a long blank section.

Jamf also found Greek and Cyrillic lookalike characters in the word “Maccy,” a small trick meant to defeat simple text matching.

Once the user runs...

Copyright of this story solely belongs to hackread.com. To see the full text click HERE