New PamStealer macOS malware uses two-stage delivery and PAM interface to steal credentials
By Dan Goodin
Summary
Researchers have discovered a new macOS malware called PamStealer that uses a sophisticated two-stage delivery to infect Macs with credential-stealing code. The first stage, compiled as AppleScript, is distributed via a disk image masquerading as the Maccy clipboard manager. The second stage is a Rust-written infostealer that leverages the Pluggable Authentication Modules (PAM) interface built into macOS. The discovery highlights the increasing effort going into Mac infostealers.
Source
Ars Technica, "New PamStealer macOS malware uses two-stage delivery and PAM interface to steal credentials" (arstechnica.com)
Key quotes
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code.
The malware is delivered in two stages.
The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS.