Scoopfeeds — Intelligent news, curated.
Newly discovered PamStealer isn't your typical macOS malware

Ars Technica · Jul 2, 2026, 7:38 PM

Researchers have found a never-before-seen piece of macOS malware that combines several pieces of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code.

The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server.

A quieter execution chain

The use of both a disk image and AppleScript is common in malware for Macs. More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it's opened in the macOS Script Editor, where the malicious functionality is buried deep within the file.

Article preview — originally published by Ars Technica. Full story at the source.