What Happened
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
Why It Matters
Report facts: PamStealer is a two-stage macOS infostealer distributed via a fake Maccy website (maccyapp[.]com), using a compiled AppleScript dropper to deliver a Rust-based Mach-O payload that steals browser, wallet, Keychain, clipboard, and other data.[1][2] It displays a native macOS password prompt, validates the victim’s login password using macOS Pluggable Authentication Modules (PAM), then exfiltrates encrypted data to attacker-controlled infrastructure.[1][2] CyberSE.AI analysis: While PamStealer itself targets endpoint users rather than AI systems, it illustrates broader software supply chain and fake installer risks that can equally affect AI tooling, model development environments, and agent runtimes. Organizations building or running AI agents should harden their supply chain (code-signing, source verification, SBOM) and endpoint controls around developer and operations machines, as compromise of those systems can lead to downstream AI model tampering, credential theft for AI platforms, and unauthorized data access.
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html