Newly Discovered PamStealer Isn't Your Typical macOS Malware
Jamf said the malware uses AppleScript and a Rust-based second stage to bypass macOS protections and steal passwords, with a fake Maccy site hosting the lure.
- Security researchers discovered PamStealer, a new macOS malware that masquerades as the legitimate clipboard manager Maccy to harvest user login credentials.
- Distributed in a disk image, the malware tricks users into executing malicious code hidden within an AppleScript file, which installs the payload onto the device.
- Utilizing a Rust-based second stage, the malware masquerades as Finder and stays hidden for up to forty minutes, effectively bypassing standard macOS security features.
- Using the Pluggable Authentication Modules interface, PamStealer validates stolen credentials locally and sends the data to an attacker-controlled server.
- Users can mitigate risks by verifying website URLs, utilizing the Apple App Store, and relying on built-in security features like XProtect.
13 Articles
New PamStealer Mac malware poses as a clipboard manager to steal your login info — how to stay safe
Security researchers who focus on Apple devices have discovered a new macOS malware that appears to be surprisingly clever while it harvests data and login credentials. According to the IT firm Jamf (via ArsTechnica), the new malware, dubbed PamStealer, can get on your Mac in two stages. First, it disguises itself as Maccy, a clipboard manager. Apparently, PamStealer is compiled as AppleScript written in Rust that uses the Pluggable Authenticati…
Newly discovered PamStealer isn't your typical macOS malware
Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It’s compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because t…
New Mac infostealer confirms stolen passwords before stealing data
A newly discovered macOS infostealer verifies Mac login passwords before stealing sensitive data, giving attackers immediate confirmation that compromised credentials will actually work. PamStealer: Researchers at Jamf Threat Labs have documented a new macOS malware campaign built around an infostealer called PamStealer. PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs. Jamf foun…
The idea that Apple computers are completely protected against malware no longer corresponds to reality. Although macOS has several layers of security, criminals have developed increasingly sophisticated campaigns to circumvent these protections by exploiting the user's own behavior. PamStealer's case, a new malware directed at macOS, shows how modern attacks combine social engineering, native code and circumvention techniques to compromise syst…










