macOS clipboard app Maccy has a fake out there stealing passwords

PamStealer malware is disguising itself as Maccy to target Mac users


A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

A fake installer starts the attack

The first part of the attack is designed to stay quiet. Instead of using common Mac command-line tools that security teams often watch for, the researchers say the malware uses Apple’s own automation features to download and launch the next stage.

The payload then hides inside app bundles that pretend to be real macOS components. Jamf found samples posing as Finder or Software Update. These fake components run in the background and use Apple’s Finder icon, which makes the attack more convincing.
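A defender can hunt for this kind of look-alike bundle by comparing what an app bundle claims to be with where it lives. The sketch below is an added example, not code from Jamf or from this article. It assumes that genuine Finder and Software Update bundles sit under /System and that a fake reveals itself through its folder name or its Info.plist name fields; the article does not say how the samples were named, so treat the matching rule as a heuristic.

```python
import plistlib
import sys
from pathlib import Path

# Names the article says the fake bundles posed as.
IMPERSONATED = {"finder", "software update"}
# Assumption: genuine copies of these components live under /System.
TRUSTED_PREFIXES = ("/System/",)

def _truthy(value):
    # Info.plist flags may be stored as booleans, integers or strings.
    return str(value).lower() in ("true", "1", "yes")

def inspect_bundle(app_dir, trusted=TRUSTED_PREFIXES):
    """Return a finding dict for a look-alike bundle, or None."""
    app = Path(app_dir).resolve()
    try:
        with (app / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except Exception:  # missing or unparsable plist: nothing to inspect
        return None
    if not isinstance(info, dict):
        return None
    claimed = {app.stem.lower()}
    for key in ("CFBundleName", "CFBundleDisplayName"):
        if isinstance(info.get(key), str):
            claimed.add(info[key].strip().lower())
    hits = claimed & IMPERSONATED
    if not hits or any(str(app).startswith(p) for p in trusted):
        return None
    return {
        "path": str(app),
        "claims": sorted(hits),
        "bundle_id": info.get("CFBundleIdentifier"),
        # Background-only bundles show no Dock icon or menu bar.
        "background": _truthy(info.get("LSUIElement", False))
                      or _truthy(info.get("LSBackgroundOnly", False)),
    }

def scan(roots, trusted=TRUSTED_PREFIXES):
    """Walk each root and return findings for every .app bundle under it."""
    apps = [a for r in roots for a in sorted(Path(r).rglob("*.app")) if a.is_dir()]
    return [f for f in (inspect_bundle(a, trusted) for a in apps) if f]

if __name__ == "__main__":
    for finding in scan(sys.argv[1:] or ["/Applications", str(Path.home())]):
        print(finding)
```

A hit is a lead for review, not a verdict: check the bundle's code signature and origin before acting on it.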

The password prompt is the real danger

PamStealer’s most worrying trick is its password prompt. The malware shows a native-looking Mac dialog saying Maccy wants to make changes and asks the user to enter a password. The password is checked through macOS’s own login verification system. If it is wrong, the prompt appears again. Once the correct password is entered, the malware captures it and shows a fake message saying Maccy is damaged and cannot be opened.

Researchers also found that PamStealer can watch the clipboard, register itself to run again after login, and later ask for Full Disk Access. In testing, that prompt sometimes appeared up to 40 minutes later, making it harder to connect the request to the fake installer.

Maccy’s official channels are now warning users about fake websites, while pointing them to maccy.app as the only legitimate place to get the app.

Sudhanshu Kumar Mangalam