The Actual News

Just the Facts, from multiple news sources.

Newly discovered PamStealer isn't your typical macOS malware

Summary

Researchers discovered a new type of malware called PamStealer that targets Mac computers. It tricks users into running it by pretending to be a clipboard app, then secretly captures login passwords and validates them through macOS's built-in authentication system (PAM) before sending them to hackers.

Key Facts

  • The malware spreads in two steps: first through a fake disk image posing as the Maccy clipboard manager, then through a hidden second-stage program.
  • PamStealer uses AppleScript and JavaScript for Automation to quietly download and run its secret code.
  • The second stage is written in the programming language Rust, which is rare for Mac malware.
  • It uses the macOS Pluggable Authentication Modules (PAM) system to check passwords locally, making stolen credentials more accurate.
  • The malware pretends to be parts of macOS, like Finder or Software Update apps, to hide its activity.
  • It delays showing security permission requests to avoid detection.
  • The malware encrypts its communications to hide data sent to hackers.
  • Users see a fake password prompt that looks like a normal system message to capture their passwords.