Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
PamStealer Targets macOS Users via Fake Clipboard Manager

PamStealer Targets macOS Users via Fake Clipboard Manager

Posted on July 4, 2026 By CWS

PamStealer is a newly discovered threat targeting macOS systems, masquerading as the popular clipboard manager, Maccy. This sophisticated malware quietly gathers user data while avoiding detection.

How PamStealer Operates

Uncovered by Jamf Threat Labs, PamStealer uses a two-stage infection process that blends seamlessly with regular macOS activities. This begins with a deceptive disk image file named “Maccy.dmg” that contains an AppleScript file.

When activated, the file prompts users with benign-looking instructions. This trickery sets off the embedded malicious code, which then initiates the first stage by executing a JavaScript for Automation (JXA) payload through macOS APIs.

Stealth Techniques and System Checks

PamStealer’s method reduces system activity visibility, downloading a secondary payload that disguises itself as a legitimate macOS component. It performs environment checks, generating a unique key from system attributes and exits if mismatches occur.

The malware avoids specific regions, such as Russia, by examining language settings. In its second stage, a Rust-based Mach-O binary conducts activities like credential theft and data exfiltration.

Impact on User Data

Accessing browser databases via SQLite, PamStealer extracts passwords and cookies while leveraging macOS Security frameworks to stealthily access Keychain data. A deceptive system prompt captures user passwords, validating them locally with PAM.

Clipboard monitoring is constant, using the pbpaste utility to collect sensitive information at random intervals. The malware ensures persistence by registering as a login item under both modern and legacy macOS systems.

Communication and Indicators of Compromise

PamStealer communicates with its command-and-control server through encrypted channels, potentially utilizing blockchain infrastructure for resilient control. Multiple indicators of compromise (IOCs) have been identified, including suspicious domains and deceptive file paths.

This threat underscores the growing complexity of macOS malware, combining native APIs with advanced social engineering to escape traditional detection methods. Users are advised to enhance security measures to counteract these evolving threats.

Cyber Security News Tags:clipboard manager, Cybersecurity, data theft, InfoStealer, Jamf Threat Labs, Maccy, macOS, Malware, PamStealer, Rust malware

Post navigation

Previous Post: New FatFs Vulnerabilities Threaten Embedded Devices

Related Posts

SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India Cyber Security News
Researchers Unmasked Russia’s Most Secretive FSB’s Spy Network Researchers Unmasked Russia’s Most Secretive FSB’s Spy Network Cyber Security News
New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads Cyber Security News
CISA Alerts on Linux Kernel Vulnerability Threat CISA Alerts on Linux Kernel Vulnerability Threat Cyber Security News
Yoma Fleet Enhances Cybersecurity with AccuKnox SIEM Yoma Fleet Enhances Cybersecurity with AccuKnox SIEM Cyber Security News
ZionSiphon Malware Threatens Israel’s Water Infrastructure ZionSiphon Malware Threatens Israel’s Water Infrastructure Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices
  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices
  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark