{"id":361146,"date":"2026-07-05T02:52:52","date_gmt":"2026-07-04T21:22:52","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=361146"},"modified":"2026-07-05T02:52:52","modified_gmt":"2026-07-04T21:22:52","slug":"newly-discovered-pamstealer-is-not-your-typical-macos-malware","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/","title":{"rendered":"Newly discovered PamStealer is not your typical macOS malware"},"content":{"rendered":"<div>\n<p>Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code.<\/p>\n<p>The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as <a href=\"https:\/\/maccy.app\/\">Maccy<\/a>, a clipboard manager for Macs. It\u2019s compiled as AppleScript that&#8217;s notable for the way in which it delivers the second stage. The malware is known as PamStealer since the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the goal\u2019s login password before sending it to an attacker-controlled server.<\/p>\n<h2>A quieter execution chain<\/h2>\n<p>The usage of each disk image and AppleScript is common in malware for Macs. More odd is the way in which PamStealer combines them to achieve stealth. When the AppleScript is double-clicked, it\u2019s opened within the macOS Script Editor, where the malicious functionality is buried deep inside the file.<\/p>\n<p>\u201cSlightly than counting on shell commands resembling curl or zsh, the AppleScript executes a self-contained JavaScript for Automation (JXA) downloader that retrieves and stages the payload using native Objective-C APIs,\u201d researchers from Jamf, a security firm for macOS users, <a href=\"https:\/\/www.jamf.com\/blog\/pamstealer-macos-infostealer-applescript-rust\/\">wrote<\/a>. \u201cCombined with a Rust-based second stage and a password capture workflow that validates credentials locally through PAM, the result&#8217;s a quieter execution chain than we typically observe in commodity macOS stealers.\u201d<\/p>\n<p>When a user, expecting to put in a trustworthy clipboard manager, encounters the disk image, they\u2019re prompted to press Command-R immediately after double-clicking it. This command executes malicious code contained in the AppleScript directly. It also allows the execution to bypass com.apple.quarantine, a macOS attribute that gives warnings and restrictions when executable files have been downloaded from the Web.<\/p>\n<p>As Jamf explained:<\/p>\n<blockquote>\n<p>PamStealer combines a recently emerging delivery surface with a less familiar payload. While the clickable .scpt and Script Editor lure construct on tradecraft that&#8217;s already gaining adoption across the macOS threat landscape, the malware distinguishes itself through a self-contained JXA dropper, a Rust-based second stage, and a password capture workflow that validates credentials locally through PAM before harvesting them. That second stage puts considerable effort into staying hidden, masquerading as Finder, encrypting its command-and-control traffic, and holding back prompts just like the Full Disk Access request for so long as forty minutes so its activity doesn&#8217;t line up with launch. Together, these behaviors illustrate how commodity macOS stealers proceed to evolve, adopting quieter execution chains and native implementations that reduce traditional detection opportunities while remaining compatible with standard macOS features.<\/p>\n<\/blockquote>\n<p>The primary stage puts its payload inside an app bundle that impersonates real components built into macOS. The component changes from sample to sample of the malware. Finder.app under com.apple.finder.core or com.apple.finder.monitor, and a Software Update.app under com.apple.security.daemon, are two examples. In either case, they run hidden. In addition they display macOS\u2019s real Finder.icns as its icon.<\/p>\n<\/p><\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that&#8217;s notable for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":361147,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[731,6299,13287,1645,10744,53522,11868],"class_list":["post-361146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-discovered","tag-isnt","tag-macos","tag-malware","tag-newly","tag-pamstealer","tag-typical"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that&#039;s notable for\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"ebiztoday.news\"\/>\n\t<meta name=\"google-site-verification\" content=\"G1Pyp5JbhWr5PQ6IszY06NoXKQCjx1ChQj88DWWzPq8\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_GB\" \/>\n\t\t<meta property=\"og:site_name\" content=\"eBizToday - Your Weekly Window to World\u2019s Pulse\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Newly discovered PamStealer is not your typical macOS malware - eBizToday\" \/>\n\t\t<meta property=\"og:description\" content=\"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that&#039;s notable for\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-04T21:22:52+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-07-04T21:22:52+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ebiztodaynews\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Newly discovered PamStealer is not your typical macOS malware - eBizToday\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that&#039;s notable for\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#blogposting\",\"name\":\"Newly discovered PamStealer is not your typical macOS malware - eBizToday\",\"headline\":\"Newly discovered PamStealer is not your typical macOS malware\",\"author\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/author\\\/ebiztoday-news\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Newly-discovered-PamStealer-isnt-your-typical-macOS-malware.jpg\",\"width\":1152,\"height\":648},\"datePublished\":\"2026-07-05T02:52:52+05:30\",\"dateModified\":\"2026-07-05T02:52:52+05:30\",\"inLanguage\":\"en-GB\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#webpage\"},\"articleSection\":\"Technology, Discovered, isnt, macOS, Malware, newly, PamStealer, typical\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ebiztoday.news\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#listItem\",\"name\":\"Newly discovered PamStealer is not your typical macOS malware\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#listItem\",\"position\":3,\"name\":\"Newly discovered PamStealer is not your typical macOS malware\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/#person\",\"name\":\"ebiztoday.news\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#personImage\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/wp-content\\\/litespeed\\\/avatar\\\/7d9139c27a95269cfdad19bcccfecd85.jpg?ver=1782904441\",\"width\":96,\"height\":96,\"caption\":\"ebiztoday.news\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/author\\\/ebiztoday-news\\\/#author\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/author\\\/ebiztoday-news\\\/\",\"name\":\"ebiztoday.news\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#authorImage\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/wp-content\\\/litespeed\\\/avatar\\\/7d9139c27a95269cfdad19bcccfecd85.jpg?ver=1782904441\",\"width\":96,\"height\":96,\"caption\":\"ebiztoday.news\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#webpage\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/\",\"name\":\"Newly discovered PamStealer is not your typical macOS malware - eBizToday\",\"description\":\"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\\u2019s compiled as AppleScript that's notable for\",\"inLanguage\":\"en-GB\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/author\\\/ebiztoday-news\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/author\\\/ebiztoday-news\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Newly-discovered-PamStealer-isnt-your-typical-macOS-malware.jpg\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#mainImage\",\"width\":1152,\"height\":648},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/index.php\\\/2026\\\/07\\\/05\\\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\\\/#mainImage\"},\"datePublished\":\"2026-07-05T02:52:52+05:30\",\"dateModified\":\"2026-07-05T02:52:52+05:30\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/#website\",\"url\":\"https:\\\/\\\/ebiztoday.news\\\/\",\"name\":\"ebiztoday.news\",\"description\":\"Your Weekly Window to World\\u2019s Pulse\",\"inLanguage\":\"en-GB\",\"publisher\":{\"@id\":\"https:\\\/\\\/ebiztoday.news\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Newly discovered PamStealer is not your typical macOS malware - eBizToday","description":"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that's notable for","canonical_url":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"G1Pyp5JbhWr5PQ6IszY06NoXKQCjx1ChQj88DWWzPq8","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#blogposting","name":"Newly discovered PamStealer is not your typical macOS malware - eBizToday","headline":"Newly discovered PamStealer is not your typical macOS malware","author":{"@id":"https:\/\/ebiztoday.news\/index.php\/author\/ebiztoday-news\/#author"},"publisher":{"@id":"https:\/\/ebiztoday.news\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/ebiztoday.news\/wp-content\/uploads\/2026\/07\/Newly-discovered-PamStealer-isnt-your-typical-macOS-malware.jpg","width":1152,"height":648},"datePublished":"2026-07-05T02:52:52+05:30","dateModified":"2026-07-05T02:52:52+05:30","inLanguage":"en-GB","mainEntityOfPage":{"@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#webpage"},"isPartOf":{"@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#webpage"},"articleSection":"Technology, Discovered, isnt, macOS, Malware, newly, PamStealer, typical"},{"@type":"BreadcrumbList","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/ebiztoday.news#listItem","position":1,"name":"Home","item":"https:\/\/ebiztoday.news","nextItem":{"@type":"ListItem","@id":"https:\/\/ebiztoday.news\/index.php\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/ebiztoday.news\/index.php\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/ebiztoday.news\/index.php\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#listItem","name":"Newly discovered PamStealer is not your typical macOS malware"},"previousItem":{"@type":"ListItem","@id":"https:\/\/ebiztoday.news#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#listItem","position":3,"name":"Newly discovered PamStealer is not your typical macOS malware","previousItem":{"@type":"ListItem","@id":"https:\/\/ebiztoday.news\/index.php\/category\/technology\/#listItem","name":"Technology"}}]},{"@type":"Person","@id":"https:\/\/ebiztoday.news\/#person","name":"ebiztoday.news","image":{"@type":"ImageObject","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#personImage","url":"https:\/\/ebiztoday.news\/wp-content\/litespeed\/avatar\/7d9139c27a95269cfdad19bcccfecd85.jpg?ver=1782904441","width":96,"height":96,"caption":"ebiztoday.news"}},{"@type":"Person","@id":"https:\/\/ebiztoday.news\/index.php\/author\/ebiztoday-news\/#author","url":"https:\/\/ebiztoday.news\/index.php\/author\/ebiztoday-news\/","name":"ebiztoday.news","image":{"@type":"ImageObject","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#authorImage","url":"https:\/\/ebiztoday.news\/wp-content\/litespeed\/avatar\/7d9139c27a95269cfdad19bcccfecd85.jpg?ver=1782904441","width":96,"height":96,"caption":"ebiztoday.news"}},{"@type":"WebPage","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#webpage","url":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/","name":"Newly discovered PamStealer is not your typical macOS malware - eBizToday","description":"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that's notable for","inLanguage":"en-GB","isPartOf":{"@id":"https:\/\/ebiztoday.news\/#website"},"breadcrumb":{"@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#breadcrumblist"},"author":{"@id":"https:\/\/ebiztoday.news\/index.php\/author\/ebiztoday-news\/#author"},"creator":{"@id":"https:\/\/ebiztoday.news\/index.php\/author\/ebiztoday-news\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/ebiztoday.news\/wp-content\/uploads\/2026\/07\/Newly-discovered-PamStealer-isnt-your-typical-macOS-malware.jpg","@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#mainImage","width":1152,"height":648},"primaryImageOfPage":{"@id":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/#mainImage"},"datePublished":"2026-07-05T02:52:52+05:30","dateModified":"2026-07-05T02:52:52+05:30"},{"@type":"WebSite","@id":"https:\/\/ebiztoday.news\/#website","url":"https:\/\/ebiztoday.news\/","name":"ebiztoday.news","description":"Your Weekly Window to World\u2019s Pulse","inLanguage":"en-GB","publisher":{"@id":"https:\/\/ebiztoday.news\/#person"}}]},"og:locale":"en_GB","og:site_name":"eBizToday - Your Weekly Window to World\u2019s Pulse","og:type":"article","og:title":"Newly discovered PamStealer is not your typical macOS malware - eBizToday","og:description":"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that's notable for","og:url":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/","og:image":"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png","og:image:secure_url":"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png","article:published_time":"2026-07-04T21:22:52+00:00","article:modified_time":"2026-07-04T21:22:52+00:00","article:publisher":"https:\/\/www.facebook.com\/ebiztodaynews","twitter:card":"summary_large_image","twitter:title":"Newly discovered PamStealer is not your typical macOS malware - eBizToday","twitter:description":"Researchers have found a never-before-seen piece of macOS malware that mixes a series of clever tradecraft to contaminate Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The primary is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It\u2019s compiled as AppleScript that's notable for","twitter:image":"https:\/\/ebiztoday.news\/wp-content\/uploads\/2025\/01\/Ebiztoday-final_10102024-1.png"},"aioseo_meta_data":{"post_id":"361146","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2026-07-04 22:25:10","updated":"2026-07-04 22:25:10","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/ebiztoday.news\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/ebiztoday.news\/index.php\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tNewly discovered PamStealer is not your typical macOS malware\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/ebiztoday.news"},{"label":"Technology","link":"https:\/\/ebiztoday.news\/index.php\/category\/technology\/"},{"label":"Newly discovered PamStealer is not your typical macOS malware","link":"https:\/\/ebiztoday.news\/index.php\/2026\/07\/05\/newly-discovered-pamstealer-is-not-your-typical-macos-malware\/"}],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/361146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=361146"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/361146\/revisions"}],"predecessor-version":[{"id":361149,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/361146\/revisions\/361149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/361147"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=361146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=361146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=361146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}