ShellCodeX Intelligence Brief
HIGH Cybersecurity

PamStealer spreads via fake Maccy .scpt and extracts Mac login credentials

Source headline: PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 3 hours ago

Intelligence Summary

Jamf Threat Labs analyzed a macOS information stealer dubbed PamStealer. It is delivered as a compiled AppleScript (.scpt) file that impersonates Maccy, a legitimate clipboard manager. The malware performs checks designed to decide whether to continue and then collects sensitive information. PamStealer targets Mac systems to steal login credentials, including those used for macOS access. Users should watch for suspicious Maccy-branded .scpt downloads and ensure macOS security controls are enabled.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#credential-theft #macos #applescript #jamf-threat-labs #pamstealer #stealer
Original reporting: The Hacker News, "PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords"