New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App
What Happened — A newly identified macOS‑only malware family dubbed PamStealer is being distributed through a counterfeit version of the popular “Maccy” clipboard manager. Once installed, the malicious app harvests saved passwords, browser credentials, and any data copied to the clipboard.
Why It Matters for Compliance & Audit Readiness
- Credential theft is a classic violation of SOC 2 CC6.1 (Logical Access) and CC6.2 (User Authentication) controls; organizations must prove they enforce strong access‑management policies and monitor for unauthorized credential use.
- The distribution method (fake app) underscores the need for continuous security awareness training and documented evidence that users are educated on trusted‑source software verification.
Who Is Affected — Enterprises with macOS workstations across technology, design, and professional services sectors; any organization that permits employees to install third‑party utilities on corporate devices.
Recommended Actions
- Review and tighten macOS endpoint hardening policies (e.g., approved‑application lists, code‑signing verification).
- Map the incident to SOC 2 Access Controls (CC6.1/CC6.2) and collect evidence of policy enforcement and user training.
- Deploy or refresh Security Awareness Training that covers phishing‑style app impersonation and safe software sourcing.
Technical Notes — The malware is packaged as a signed DMG that mimics the legitimate Maccy binary. It leverages macOS accessibility APIs to read the clipboard and parses stored browser password files (e.g., Chrome, Safari). No public CVE is associated; the threat is a novel malware campaign. Source: HackRead