Cyber Web Spider Blog – News

PamStealer Targets macOS Users via Fake Clipboard Manager


Posted on July 4, 2026 By CWS

PamStealer is a newly discovered threat targeting macOS systems, masquerading as the popular clipboard manager, Maccy. This sophisticated malware quietly gathers user data while avoiding detection.

How PamStealer Operates

Uncovered by Jamf Threat Labs, PamStealer uses a two-stage infection process that blends in with regular macOS activity. The infection begins with a deceptive disk image named “Maccy.dmg” that contains an AppleScript file.

When activated, the file presents benign-looking instructions to the user. This ruse triggers the embedded malicious code, which starts the first stage by executing a JavaScript for Automation (JXA) payload through macOS APIs.

Stealth Techniques and System Checks

PamStealer’s method reduces the visibility of its activity on the system. It downloads a secondary payload that disguises itself as a legitimate macOS component. It also performs environment checks, generating a unique key from system attributes and exiting if a mismatch occurs.

The malware avoids specific regions, such as Russia, by examining language settings. In its second stage, a Rust-based Mach-O binary conducts activities like credential theft and data exfiltration.

Impact on User Data

Accessing browser databases via SQLite, PamStealer extracts passwords and cookies while leveraging macOS Security frameworks to stealthily access Keychain data. A deceptive system prompt captures user passwords, validating them locally with PAM.

Clipboard monitoring is constant: the malware uses the pbpaste utility to collect sensitive information at random intervals. It ensures persistence by registering as a login item on both modern and legacy macOS systems.
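Because the pbpaste calls come at random intervals, a detector keyed to a fixed period would miss them; counting launches per parent process inside a sliding window does not depend on regular timing. The sketch below is an added example, not code from the article or from Jamf Threat Labs, and it assumes a hypothetical process-exec telemetry schema (`ts`, `exe`, `parent`) with constructed placeholder paths.

```python
import json
from collections import defaultdict

# Parents from which interactive pbpaste use is expected (assumed allowlist).
INTERACTIVE_PARENTS = {"/bin/zsh", "/bin/bash", "/bin/sh"}

# Constructed process-exec telemetry; field names are a hypothetical schema
# and every path below is a placeholder, not an indicator from the report.
SAMPLE_EVENTS = """
{"ts": 1000, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 1050, "exe": "/usr/bin/pbpaste", "parent": "/bin/zsh"}
{"ts": 1137, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 1200, "exe": "/usr/bin/pbpaste", "parent": "/Applications/Example Editor.app/Contents/MacOS/editor"}
{"ts": 1420, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 1498, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 1811, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 2290, "exe": "/usr/bin/pbpaste", "parent": "/Users/alice/Library/Example/helper"}
{"ts": 5000, "exe": "/usr/bin/pbpaste", "parent": "/Applications/Example Editor.app/Contents/MacOS/editor"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flag_pbpaste_pollers(events, min_calls=4, window=900):
    """Return {parent: most pbpaste launches seen in any `window` seconds}
    for non-interactive parents that reach `min_calls`."""
    times = defaultdict(list)
    for ev in events:
        if ev["exe"] == "/usr/bin/pbpaste" and ev["parent"] not in INTERACTIVE_PARENTS:
            times[ev["parent"]].append(ev["ts"])
    flagged = {}
    for parent, ts in times.items():
        ts.sort()
        best, start = 0, 0
        for end in range(len(ts)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while ts[end] - ts[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_calls:
            flagged[parent] = best
    return flagged


if __name__ == "__main__":
    for parent, n in flag_pbpaste_pollers(parse_events(SAMPLE_EVENTS)).items():
        print(f"{parent}: {n} pbpaste launches within 900 s")
```

The thresholds and the allowlist are starting points to tune against a fleet's own baseline, since legitimate automation tools also call pbpaste.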

Communication and Indicators of Compromise

PamStealer communicates with its command-and-control server through encrypted channels, potentially utilizing blockchain infrastructure for resilient control. Multiple indicators of compromise (IOCs) have been identified, including suspicious domains and deceptive file paths.

This threat underscores the growing complexity of macOS malware, combining native APIs with advanced social engineering to escape traditional detection methods. Users are advised to enhance security measures to counteract these evolving threats.

Category: Cyber Security News

Tags: clipboard manager, Cybersecurity, data theft, InfoStealer, Jamf Threat Labs, Maccy, macOS, Malware, PamStealer, Rust malware

Copyright © 2026 Cyber Web Spider Blog – News.
