
Newly discovered PamStealer isn't your typical macOS malware

The discovery underscores the increased effort being poured into Mac infostealers.

Source: Ars Technica

Researchers have found a never-before-seen piece of macOS malware that combines several clever pieces of tradecraft to infect Macs with stealthy, custom-developed credential-stealing code.

The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It’s compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target’s login password before sending it to an attacker-controlled server.

A quieter execution chain

The use of both a disk image and AppleScript is common in malware for Macs. More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it’s opened in the macOS Script Editor, where the malicious functionality is buried deep within the file.
