Fake Mac Clipboard App Disguises Rust-Based PamStealer to Harvest Passwords and Wallet Keys
You might want to know
• How are macOS users being tricked into installing a password-stealing program disguised as the popular Maccy clipboard manager?
• What techniques does the new Rust-based infostealer use to validate and exfiltrate sensitive credentials and crypto keys?
Main Topic
Security researchers at Jamf Threat Labs have identified a deceptive campaign that targets Mac users searching for the open-source clipboard manager Maccy. Attackers created a lookalike website that distributes a disk image containing a malicious AppleScript file named Maccy.scpt. When users open this file, they are shown instructions directing them to run the script in Apple's Script Editor; the malicious code is concealed further down the document to evade casual inspection.
The malicious campaign deposits a first-stage AppleScript that leverages macOS automation capabilities to retrieve and execute a second-stage payload. Rather than using common shell utilities such as curl or zsh, the script employs JavaScript for Automation and native macOS APIs to download the next-stage binary. This approach reduces the number of observable processes and can make detection by traditional tooling more difficult.
Jamf Threat Labs is tracking the malware under the name PamStealer, referencing one of its central behaviors: it attempts to validate the victim's login password through the macOS Pluggable Authentication Modules (PAM) before harvesting credentials. Checking the password first confirms that the captured authentication material is valid before it is used, which may let the malware operate more effectively once installed.
The second-stage payload is a Rust-built binary compiled for Apple Silicon systems. It attempts to masquerade as legitimate macOS components such as Finder or Software Update to blend into the environment. Instead of keeping its configuration in plaintext, the dropper derives an encryption key from a host fingerprint — items like CPU architecture, locale, keyboard layout, and time zone — and uses that key to decrypt an integrity-checked configuration. That configuration contains the payload URL and intended installation path, providing an additional layer of operational security and target specificity.
Once installed, PamStealer performs several malicious actions: it can exfiltrate browser-saved credentials and Keychain entries, monitor the clipboard for sensitive data and crypto wallet keys, establish persistence on the endpoint, and transmit stolen data to a remote command-and-control server via encrypted channels. If the binary determines it is not running on a target that matches its host-derived fingerprint, it will quietly terminate to avoid detection.
To expand its access to protected data, the malware displays a social-engineered Finder-style alert that asks users to grant Full Disk Access. Notably, this prompt may appear up to 40 minutes after the initial infection, reducing the likelihood that the user will associate the request with the earlier download. If granted, the malware can read Mail, Messages, Time Machine backups, and other protected resources, significantly increasing the volume and sensitivity of data it can collect.
Jamf researchers also warned that attackers are increasingly buying ad space to lure victims to malicious downloads. The same research group observed a sponsored advertisement on X (formerly Twitter) promoting what appeared to be DynamicLake; the ad redirected visitors to a site instructing them to run a Terminal installation command. Analysis of that payload revealed a recent variant of Atomic (MacSync) Stealer. The use of verified accounts and ad placements lends apparent trust and helps these social-engineering lures succeed.
The discovery of PamStealer forms part of a broader trend in which threat actors disguise malware as legitimate developer tools, extensions, or open-source projects. Recent incidents include malicious Rust-based infostealers distributed via fake OpenAI repositories, a malicious Visual Studio Code extension that exposed internal repositories on GitHub, and supply-chain attacks targeting development tools used by AI companies. These campaigns underscore attackers' willingness to exploit trusted channels and developer-focused resources to reach targets.
Jamf has reported its findings to Apple and noted that, as of the report, it has not confirmed instances of PamStealer actively operating in the wild. Nevertheless, the techniques and design choices observed — host fingerprint gating, encrypted configuration, native API-based download, and delayed privilege prompts — represent sophisticated measures to avoid detection, persist, and harvest valuable credentials.
Critical takeaway: users should be cautious when downloading utilities from search results or ads; even seemingly minor automation instructions (like running an AppleScript) can be a vector for high-impact credential theft on macOS.
Key Insights Table
| Aspect | Description |
|---|---|
| Distribution method | Lookalike website offering a disk image with an AppleScript that instructs users to run it in Script Editor. |
| First-stage behavior | AppleScript uses JavaScript for Automation and macOS APIs to download the second-stage binary without common shell utilities. |
| Second-stage payload | Rust-based binary for Apple Silicon that masquerades as Finder/Software Update and uses encrypted configuration unlocked by host fingerprint. |
| Credential validation | Validates the victim’s login password through macOS PAM before harvesting credentials, lending confidence to stolen data. |
| Data theft capabilities | Exfiltrates browser credentials, Keychain data, clipboard contents, and can access protected data if Full Disk Access is granted. |
| Evasion techniques | Host-specific encrypted config, native API downloads, delayed privilege prompts, and process masquerading to reduce detection. |
Afterwards...
Looking forward, defenders and platform maintainers should continue to prioritize several areas to reduce the success of these campaigns. First, stronger verification and reputation signals for developer projects and advertised content can help users distinguish legitimate software from lookalikes. Second, endpoint protections that monitor macOS automation APIs (JavaScript for Automation, AppleScript) and unusual native-API download patterns can detect suspicious multi-stage chains earlier.
Additionally, educating users about the risks of executing scripts received from untrusted sites — and the specific danger of following ad-driven search results for developer tools — remains important. Enterprises should consider policies that restrict the execution of unsigned scripts, enforce least privilege, and require elevated prompts to be contextually tied to a user action.
Finally, ongoing research into host-fingerprinting defenses, secure distribution for open-source utilities, and improved telemetry for delayed or staged prompts (such as requests for Full Disk Access) will be valuable. Subtle improvements to UX and platform-level warnings that explain why permissions are requested — and when a permission request is unrelated to recent user actions — could reduce the effectiveness of delayed social-engineering prompts. Continued collaboration between security researchers, platform providers, and advertising platforms is essential to disrupt these evolving supply and ad-based delivery channels.
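As an added illustration of the monitoring described in the two recommendations above (automation-driven downloads, process masquerading, and a Full Disk Access prompt arriving long after the initial script), the toy detection pass below runs over constructed endpoint telemetry. It is not Jamf's or Apple's tooling; the event schema, the `TRUSTED_HOSTS` allowlist and the sample process names and paths are assumptions.

```python
"""Toy detection pass over constructed macOS endpoint telemetry (added illustration,
not Jamf's or Apple's tooling; the event schema below is assumed)."""
from collections import namedtuple

AUTOMATION_PROCS = {"Script Editor", "osascript"}   # macOS automation hosts
MASQUERADE_NAMES = {"Finder", "Software Update"}    # names the payload borrows
TRUSTED_HOSTS = {"apple.com"}                       # assumed update allowlist
Alert = namedtuple("Alert", "rule pid detail")

def _trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def _chain(pid, procs):
    """Yield the names of pid and its ancestors; stops on an unknown or cyclic pid."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        name, pid = procs[pid]
        yield name

def analyse(events):
    """Flag automation-driven downloads, system-name masquerading, and FDA prompts
    from already-suspect processes (detail = seconds since the flagged download)."""
    procs, suspect, alerts, last_download = {}, set(), [], None
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "process_start":
            procs[ev["pid"]] = (ev["name"], ev["ppid"])
            if AUTOMATION_PROCS & set(_chain(ev["pid"], procs)):
                suspect.add(ev["pid"])   # spawned from an automation chain
            if ev["name"] in MASQUERADE_NAMES and not ev["path"].startswith("/System/"):
                suspect.add(ev["pid"])   # system app name, non-system binary
                alerts.append(Alert("masquerade", ev["pid"], ev["path"]))
        elif ev["kind"] == "network_connect":
            if ev["pid"] in suspect and not _trusted(ev["dest"]):
                alerts.append(Alert("automation_download", ev["pid"], ev["dest"]))
                last_download = ev["ts"]
        elif ev["kind"] == "tcc_prompt" and ev["service"] == "FullDiskAccess":
            if ev["pid"] in suspect:
                delay = None if last_download is None else ev["ts"] - last_download
                alerts.append(Alert("delayed_fda_prompt", ev["pid"], delay))
    return alerts

SAMPLE_EVENTS = [  # constructed; mirrors the staged chain described above
    {"ts": 0, "kind": "process_start", "pid": 100, "ppid": 1, "name": "Script Editor",
     "path": "/System/Applications/Utilities/Script Editor.app/Contents/MacOS/Script Editor"},
    {"ts": 5, "kind": "network_connect", "pid": 100, "dest": "lookalike.example"},
    {"ts": 6, "kind": "process_start", "pid": 101, "ppid": 100, "name": "Finder",
     "path": "/Users/alice/Library/Application Support/Finder"},
    {"ts": 2405, "kind": "tcc_prompt", "pid": 101, "service": "FullDiskAccess"},
    {"ts": 2500, "kind": "process_start", "pid": 200, "ppid": 1, "name": "Finder",
     "path": "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder"},
    {"ts": 2501, "kind": "network_connect", "pid": 200, "dest": "swscan.apple.com"},
]
```

Running `analyse(SAMPLE_EVENTS)` yields three alerts in order: the download made by the automation host, the non-system binary named Finder, and the Full Disk Access prompt it raises 2400 seconds (40 minutes) later; the genuine Finder talking to an Apple host raises nothing.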