Newly discovered PamStealer isn't your typical macOS malware
Summary
Researchers discovered a new type of malware called PamStealer that targets Mac computers. It tricks users into running it by pretending to be a clipboard app, then secretly steals login passwords, validating them through macOS's built-in authentication system (PAM) before sending them to hackers.
Key Facts
- The malware spreads in two steps: first through a fake disk image posing as the Maccy clipboard manager, then through a hidden second-stage program.
- PamStealer uses AppleScript and JavaScript for Automation to quietly download and run its secret code.
- The second stage is written in the programming language Rust, which is rare for Mac malware.
- It uses the macOS Pluggable Authentication Modules (PAM) system to check passwords locally, making stolen credentials more accurate.
- The malware pretends to be parts of macOS, like Finder or Software Update apps, to hide its activity.
- It delays showing security permission requests to avoid detection.
- The malware encrypts its communications to hide data sent to hackers.
- Users see a fake password prompt that looks like a normal system message to capture their passwords.
This is a fact-based summary from The Actual News.