New PamStealer virus for macOS: how stealthy data theft works

New PamStealer virus for macOS:

Researchers at Jamf Threat Labs have discovered sophisticated malware targeting macOS users. Dubbed PamStealer, the program uses hidden mechanisms to steal credentials and other sensitive information, successfully bypassing standard system protections.

What is PamStealer

PamStealer is a highly specialized info stealer that uses unique tactics to secretly infect computers. Unlike mass threats, this emphasizes social engineering and the use of legitimate system interfaces to minimize detection by security software.

Infection occurs in two stages. First, a disk image that mimics the popular Maccy clipboard manager is distributed. The first step uses an AppleScript script that runs the main Mach-O file written in the Rust programming language.

Peculiarities of operation and methods of password theft

The key feature of PamStealer is the second stage user interaction mechanism. The virus displays a window that copies the MacOS system interface, asking for authorization to run the Maccy program. When the user enters a password, the application verifies it through the standard Pluggable Authentication Modules (PAM) mechanism.

Unlike its counterparts, PamStealer does not use calls to tools such as dscl, security or osascript, which are usually tracked by antivirus systems. If an incorrect password is entered, the window prompts for it until the winning end. After entering the correct data, the virus issues an installation error message, as if the file is corrupted – this is a psychological trick that makes the user forget about the incident.

What data does PamStealer steal

In addition to gaining access to an administrator’s or user’s password, the malware performs additional actions to steal digital assets:

  • Requesting elevated rights (full disk access) for the fake Maccy program.
  • Scanning the system for Ethereum cryptographic wallets and gaining control over them.

A successful PAM interception architecture makes the malicious process as silent as possible, minimizing suspicious activity visible to the operating system.


Don't miss interesting news

Subscribe to our channels and read announcements of high-tech news, tes

Leave a Reply

Your email address will not be published. Required fields are marked *





Articles & testsArticles

Oppo A6 Pro smartphone review: ambitious Oppo A6 Pro (CPH2799)

Creating new mid-range smartphones is no easy task. Manufacturers have to balance performance, camera capabilities, displays, and the overall cost impact of each component. How the new Oppo A6 Pro balances these factors is discussed in our review.


Sony WF-1000XM6 Bluetooth headphones review: full power

The new Sony WF-1000XM6 headphones have slightly changed their shape compared to their predecessor, received a new processor, an improved noise cancellation system, more microphones, and generally made a noticeable step forward technically.


NewsNews
| 15.18
New PamStealer virus for macOS: how stealthy data theft works

Security experts have discovered the PamStealer macOS malware, which masquerades as the Maccy app.

| 13.05
Asus Adol PM310: high-speed dual-interface SSD

Asus announced the Adol PM310 portable SSD drive with USB-A and USB-C interfaces.