English HomeApple NewsTech NewsArabic Home
Rumor

New Mac infostealer confirms stolen passwords before stealing data

AppleInsider • Thu, 02 Jul 2026

New Mac infostealer confirms stolen passwords before stealing data

A newly discovered macOS infostealer verifies Mac login passwords before stealing sensitive data, giving attackers immediate confirmation that compromised credentials will actually work. PamStealer Researchers at Jamf Threat Labs have documented a new macOS malware campaign built around an infostealer called PamStealer. PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs. Jamf found that PamStealer verifies login passwords through Apple's Pluggable Authentication Modules before stealing additional data. Password verification sets PamStealer apart from most macOS infostealers, which typically capture whatever password a victim enters without confirming that it's valid. The campaign begins with a fake website that closely imitates the legitimate Maccy clipboard manager. Next, the fake website delivers a malicious AppleScript application disguised as Maccy. Continue Reading on AppleInsider | Discuss on our Forums

What happened?

A newly discovered macOS infostealer verifies Mac login passwords before stealing sensitive data, giving attackers immediate confirmation that compromised credentials will actually work. PamStealer Researchers at Jamf Threat Labs have documented a new macOS malware campaign built around an infostealer called PamStealer. PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs. Jamf found that PamStealer verifies login passwords through Apple's Pluggable Authentication Modules before stealing additional data. Password verification sets PamStealer apart from most macOS infostealers, which typically capture whatever password a victim enters without confirming that it's valid. The campaign begins with a fake website that closely imitates the legitimate Maccy clipboard manager. Next, the fake website delivers a malicious AppleScript application disguised as Maccy. Continue Reading on AppleInsider | Discuss on our Forums

Story details

A newly discovered macOS infostealer verifies Mac login passwords before stealing sensitive data, giving attackers immediate confirmation that compromised credentials will actually work.

PamStealer Researchers at Jamf Threat Labs have documented a new macOS malware campaign built around an infostealer called PamStealer.

PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs.

Why it matters

This page keeps Apple rumors separate from official updates, so readers can follow early reports without confusing them with confirmed announcements.

Original source

https://appleinsider.com/articles/26/07/02/new-mac-infostealer-confirms-stolen-passwords-before-stealing-data?utm_source=rss