Security researchers who focus on Apple devices have discovered a new macOS malware that appears to be surprisingly clever while it harvests data and login credentials.

According to the IT firm Jamf (via Ars Technica), the new malware, dubbed PamStealer, can get on your Mac in two stages. First, it disguises itself as Maccy, a clipboard manager.

Apparently, PamStealer is compiled as AppleScript written in Rust that uses the Pluggable Authentication Modules interface that is built into macOS to target the device's login password, which is then sent to an attacker-controlled server.

What makes PamStealer unique is that it combines AppleScript and disk images to stealthily enter your computer. When you click the AppleScript, it opens the macOS Script Editor where the malware is buried in the file.

"Rather than relying on shell commands such as curl or zsh, the AppleScript executes a self-contained JavaScript for Automation (JXA) downloader that retrieves and stages the payload using native Objective-C APIs," the Jamf team wrote. "Combined with a Rust-based second stage and a password capture workflow that validates credentials locally through PAM, the result is a quieter execution chain than we typically observe in commodity macOS stealers."

How PamStealer works
New PamStealer Mac malware poses as a clipboard manager to steal your login info — how to stay safe
Mac malware is getting more sophisticated









