ShellCodeX Intelligence Brief
HIGH
Cybersecurity
PamStealer spreads via fake Maccy .scpt and extracts Mac login credentials
Source headline: PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 3 hours ago
Intelligence Summary
Jamf Threat Labs analyzed a macOS information stealer dubbed PamStealer. It is delivered as a compiled AppleScript (.scpt) file that impersonates Maccy, a legitimate clipboard manager. Before going further, the malware runs checks that determine whether it continues, and it then collects sensitive information. PamStealer targets Mac systems to steal login credentials, including those used for macOS access. Users should watch for suspicious Maccy-branded .scpt downloads and ensure that macOS security controls are enabled.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
Original reporting: The Hacker News