Newly discovered PamStealer isn't your typical macOS malware
The discovery underscores the increased effort being poured into Mac infostealers.
Researchers have found a never-before-seen piece of macOS malware that combines several pieces of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code.

The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It’s compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target’s login password before sending it to an attacker-controlled server.

A quieter execution chain

The use of both a disk image and AppleScript is common in malware for Macs. More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it’s opened in the macOS Script Editor, where the malicious functionality is buried deep within the file.
Source: Ars Technica