E-Ink News Daily

Back to list

Newly discovered PamStealer isn't your typical macOS malware

Researchers have identified PamStealer, a novel macOS malware that uses a multi-stage delivery method involving a disguised disk image and AppleScript to bypass standard security checks like quarantine attributes. The threat actor employs a Rust-based infostealer that leverages the Pluggable Authentication Modules (PAM) interface to validate and steal user login credentials stealthily.

Background

macOS security relies heavily on sandboxing and quarantine attributes to prevent unauthorized software execution, making evasion techniques a key focus for threat actors. Credential theft remains a primary objective for malware developers targeting enterprise and individual Mac users.

Source
Ars Technica
Published
Jul 3, 2026 at 03:38 AM
Score
8.0 / 10