Return to Threats

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

thehackernews.com 2026-07-03 AI supply chain High

What Happened

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to

Why It Matters

Report facts: PamStealer is a two-stage macOS infostealer distributed via a fake Maccy website (maccyapp[.]com), using a compiled AppleScript dropper to deliver a Rust-based Mach-O payload that steals browser, wallet, Keychain, clipboard, and other data.[1][2] It displays a native macOS password prompt, validates the victim’s login password using macOS Pluggable Authentication Modules (PAM), then exfiltrates encrypted data to attacker-controlled infrastructure.[1][2] CyberSE.AI analysis: While PamStealer itself targets endpoint users rather than AI systems, it illustrates broader software supply chain and fake installer risks that can equally affect AI tooling, model development environments, and agent runtimes. Organizations building or running AI agents should harden their supply chain (code-signing, source verification, SBOM) and endpoint controls around developer and operations machines, as compromise of those systems can lead to downstream AI model tampering, credential theft for AI platforms, and unauthorized data access.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html

Talk to AI CISO