Mac users seeking the open-source clipboard manager Maccy are being targeted by a counterfeit download that installs a new Rust-based macOS infostealer called PamStealer, according to Jamf Threat Labs. The campaign’s objective is to harvest passwords and crypto wallet keys, with researchers warning that the technique blends convincing social engineering with a stealthy, multi-stage payload designed to evade common detection methods.

Technology Use Case

Jamf Threat Labs said in a report published on Thursday that the operation relies on a lookalike website distributing a disk image that contains an AppleScript file named Maccy.scpt. When opened, the script instructs users to run it in Apple’s Script Editor, while the malicious code is concealed further down in the document. The firm said it is tracking the malware under the name PamStealer because one of its defining behaviors is validating the victim’s login password through macOS Pluggable Authentication Modules (PAM) prior to harvesting credentials.

After gaining a foothold, the malware uses JavaScript for Automation and native macOS APIs to retrieve a second-stage payload without relying on familiar shell utilities such as curl or zsh. By cutting visible command-line activity, this approach reduces the number of processes that endpoint protections typically monitor, making the intrusion less conspicuous to both users and security tools.

The second stage is a Rust-based binary tailored for Apple Silicon Macs and masquerades as Finder or Software Update, Jamf Threat Labs reported. Rather than storing configuration data in cleartext, the dropper derives a decryption key from a fingerprint of the host—incorporating CPU architecture, locale, keyboard layout, and time zone—then unlocks an encrypted, integrity-checked configuration that includes the payload URL and installation path. Once established, the malware can steal browser credentials and Keychain data, monitor clipboard contents, establish persistence, and exfiltrate data to a command-and-control server using encrypted communications. If PamStealer cannot confirm that it is running on its intended target, it shuts down quietly.

To further expand access, the malware displays a fake Finder alert that asks for Full Disk Access. Jamf Threat Labs noted that the prompt may appear up to 40 minutes after the initial infection, an interval that makes it harder for users to connect the request to the original download. If approved, the permission unlocks protected data including Mail, Messages, and Time Machine backups, widening the scope of information potentially exposed to theft.

AI Integration

Jamf Threat Labs’ findings arrive alongside evidence that similar tactics are spreading into adjacent parts of the software ecosystem closely linked to artificial intelligence development. The firm pointed to recent campaigns where attackers disguised malicious software as legitimate tools or code repositories popular with AI practitioners. Incidents have included a fake OpenAI repository that rose to the top of Hugging Face’s trending projects before distributing a Rust-based infostealer, as well as the Shai-Hulud software supply-chain operation targeting development tools used by AI companies including OpenAI and Mistral AI. The overlap underscores how trusted developer platforms and pipelines—frequently used by teams building and deploying AI models—have become attractive channels for delivering credential-stealing payloads.

For cryptocurrency users and projects operating in AI-adjacent environments, the convergence of these trends poses a direct risk. Tools like clipboard managers are common in developer workflows and everyday crypto activity, where users may copy passwords, seed phrases, and wallet addresses. Because PamStealer is designed to monitor clipboard data and tap into Keychain storage, an infected system can create exposure at the precise points where sensitive material is handled.

Market Impact

While Jamf Threat Labs emphasized that it has not observed evidence of PamStealer being active in the wild, the techniques described mirror patterns that have repeatedly preceded real-world compromises in the cryptocurrency community. The use of a familiar brand, the delivery of a seemingly helpful script, and the delayed prompt for elevated permissions all reflect a patient, interaction-heavy approach to social engineering. If such a package is installed on a workstation used for signing transactions, managing keys, or interacting with exchanges and decentralized applications, the resulting credential theft can lead to direct financial loss.

The campaign’s Rust-based design and Apple Silicon focus are notable from a security engineering standpoint. Rust’s performance and memory safety are often cited as advantages for legitimate development; in the wrong hands, those same attributes can produce efficient, cross-platform tooling that complicates static analysis. Coupled with encrypted configuration data derived from device fingerprints, this architecture makes broad signature-based detection more difficult and raises the bar for incident responders who rely on consistent indicators across multiple hosts.

Industry Response

Jamf Threat Labs said it notified Apple of its findings. Apple did not immediately respond to a request for comment by Decrypt. The firm also noted that social engineering techniques used to deliver macOS stealers are migrating across platforms and advertising channels. Beyond the counterfeit Maccy app, researchers have “recently observed malicious ads being hosted on X,” Jamf Threat Labs Director Jaron Bradley told Decrypt, describing paid placements as an increasingly effective lure.

In a related example, Jamf Threat Labs said in an X post last week that it was investigating a sponsored advertisement on X promoting DynamicLake that redirected users to dynamicmacisland[.]com, where targets were instructed to open Terminal and run an installation command. According to the firm, the advertisement was delivered through a verified X account, and analysis of the payload revealed a recent Atomic (MacSync) Stealer variant. Researchers also reported ClickFix-style malware being delivered via a sponsored advertisement on X, reflecting a pattern in which paid placements and verification badges are used to add credibility to malicious instructions.

The backdrop is a broader wave of attacks in which adversaries camouflage malware as ordinary software and exploit the trust of developer ecosystems. Recent campaigns have ranged from the fake OpenAI repository on Hugging Face that delivered a Rust-based infostealer, to a malicious Visual Studio Code extension that GitHub said exposed roughly 3,800 internal repositories, to the Shai-Hulud supply-chain activity aimed at tools used by AI companies including OpenAI and Mistral AI. Each case illustrates how the same networks that accelerate AI and crypto innovation—code-sharing platforms, package repositories, and developer tools—can be repurposed to spread credential harvesters and data exfiltration kits.

For users navigating both AI and cryptocurrency environments on macOS, the PamStealer report highlights a consistent message: well-crafted social engineering tied to everyday utilities remains an effective entry point, and the theft of passwords, browser data, and Keychain-stored secrets can cascade into compromised wallets and accounts. With attackers leaning on lookalike sites, sponsored posts, and familiar brand identities, the line between legitimate updates and weaponized downloads continues to blur—making vigilance at the moment of installation, and when prompted for expanded permissions, a critical control point.