PamStealer: New macOS Infostealer with PAM Password Validation
July 3, 2026
PamStealer is a macOS information stealer discovered by Jamf Threat Labs that uses fake Maccy sites for distribution. It employs a two-stage delivery with AppleScript and Rust-based payload, validates login passwords via PAM, and targets credentials, browser data, cryptocurrency wallets, and iCloud Keychain.