Fake Mac clipboard app distribution campaign delivers password-stealing macOS malware that targets browser, Keychain, clipboard and crypto wallet data
first published 2026-07-05T15:46:01Z
Jamf Threat Labs identified PamStealer, a Rust-based macOS infostealer spread through a fake Maccy website and malicious AppleScript. The malware checks victim passwords through macOS PAM, steals browser credentials, Keychain data, clipboard contents, and crypto wallet keys, and attempts to trick users into granting Full Disk Access. Jamf also reported a separate ClickFix-style campaign delivered through sponsored ads on X.
AI Analysis
The article describes active malware that steals browser credentials, Keychain data, clipboard contents, and crypto wallet keys, which is directly bearish for users and wallet security. The impact is moderate to high because it is an ongoing distribution campaign affecting macOS users and includes a second campaign via sponsored ads on X.
Expected Investor Sentiment: Very Bearish
Potential Market Impact: Significant