New macOS Malware 'PamStealer' Uses Stealthy Two-Stage Attack to Harvest User Credentials
Security researchers have discovered a previously unseen macOS malware called PamStealer that employs a two-stage infection mechanism, disguising itself as the clipboard manager app Maccy. The first stage uses a spoofed disk image, while the second stage deploys credential-stealing code via AppleScript, making detection extremely difficult.

Highlights
- PamStealer is a newly discovered macOS malware that has not been previously documented by security researchers.
- The malware spreads via a disk image file spoofed as the legitimate Maccy clipboard manager application.
- A two-stage infection chain is used: stage one is compiled in AppleScript and deploys the stage-two credential-stealing payload.
- PamStealer is specifically designed for stealth and long-term persistence, making it difficult to detect on compromised Mac systems.
- Security researchers have publicly disclosed full technical details; Mac users are urged to download apps only from official sources and keep systems updated.
Security researchers have identified a previously unknown macOS malware that combines multiple sophisticated attack techniques to covertly implant a custom credential-stealing payload on Mac devices.
Two-Stage Infection Mechanism
According to reporting by Ars Technica, the malware — dubbed PamStealer — operates through a two-stage infection chain:
- Stage One: The malware is distributed via a disk image file disguised as Maccy, a legitimate Mac clipboard management application, tricking users into downloading and installing it.
- Stage Two: The first-stage component, compiled in AppleScript, covertly deploys the second-stage malicious payload, ultimately executing credential theft on the compromised system.
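The following Python triage script is an added example, not code from the Ars Technica report or from the Maccy project. It shows how a defender could inspect a mounted .app that presents itself as Maccy and flag the structure a compiled-AppleScript first stage would have (a generic "applet" executable and a Resources/Scripts/main.scpt), together with a bundle-identifier mismatch. The expected bundle identifier is a placeholder and both sample bundles are constructed on the fly.

```python
import os
import plistlib
import tempfile

# Assumption (placeholder): replace with the CFBundleIdentifier read from a
# known-good copy of Maccy.app; the report gives no such value.
EXPECTED_BUNDLE_ID = "PLACEHOLDER.maccy.bundle.id"

def triage(app_path, expected_id=EXPECTED_BUNDLE_ID):
    """Return (verdict, reasons) for an .app that presents itself as Maccy."""
    contents = os.path.join(app_path, "Contents")
    try:
        with open(os.path.join(contents, "Info.plist"), "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException):
        return "suspicious", ["Info.plist missing or unreadable"]
    reasons = []
    # Script Editor / osacompile applets name their executable literally
    # "applet" and keep the compiled script at Resources/Scripts/main.scpt;
    # a native clipboard manager has neither trait.
    if info.get("CFBundleExecutable") == "applet":
        reasons.append("CFBundleExecutable is the generic 'applet' stub")
    if os.path.isfile(os.path.join(contents, "Resources", "Scripts", "main.scpt")):
        reasons.append("bundle carries a compiled AppleScript (main.scpt)")
    if info.get("CFBundleIdentifier") != expected_id:
        reasons.append("CFBundleIdentifier %r differs from the known-good value"
                       % info.get("CFBundleIdentifier"))
    return ("suspicious" if reasons else "ok"), reasons

def make_sample_bundle(root, name, info, with_script):
    """Write a minimal fake .app to disk; a constructed sample, not real malware."""
    app = os.path.join(root, name)
    os.makedirs(os.path.join(app, "Contents", "MacOS"))
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)
    if with_script:
        scripts = os.path.join(app, "Contents", "Resources", "Scripts")
        os.makedirs(scripts)
        open(os.path.join(scripts, "main.scpt"), "wb").close()
    return app

def demo():
    """Build one genuine-looking and one applet-style bundle and triage both."""
    root = tempfile.mkdtemp()
    good = make_sample_bundle(root, "Maccy.app", {
        "CFBundleIdentifier": EXPECTED_BUNDLE_ID, "CFBundleExecutable": "Maccy"}, False)
    spoof = make_sample_bundle(root, "Maccy-spoof.app", {
        "CFBundleIdentifier": "com.example.fake", "CFBundleExecutable": "applet"}, True)
    return triage(good), triage(spoof)
```

Calling `demo()` returns `("ok", [])` for the genuine-looking bundle and a `"suspicious"` verdict with three reasons for the applet-style one; on a real system, point `triage()` at the .app inside the mounted disk image and pair it with `codesign` and `spctl --assess` checks.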
Naming and Threat Characteristics
PamStealer's name is closely tied to its attack methodology. The malware is specifically engineered to evade detection and maintain long-term persistence on victim systems, posing a significant security risk to Mac users.
Full technical details have been publicly disclosed by the researchers. Mac users are advised to remain vigilant, avoid downloading applications from unofficial sources, and keep their operating systems and security software up to date.
Original reporting: Ars Technica / Slashdot