Researchers have identified PamStealer, a novel macOS malware that uses a multi-stage delivery method involving a disguised disk image and AppleScript to bypass standard security checks like quarantine attributes. The threat actor employs a Rust-based infostealer that leverages the Pluggable Authentication Modules (PAM) interface to validate and steal user login credentials stealthily.
Background
macOS security relies heavily on sandboxing and quarantine attributes to prevent unauthorized software execution, making evasion techniques a key focus for threat actors. Credential theft remains a primary objective for malware developers targeting enterprise and individual Mac users.
- Source
- Ars Technica
- Published
- Jul 3, 2026 at 03:38 AM
- Score
- 8.0 / 10