DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Newly discovered PamStealer isn’t your typical macOS malware

Quality: 8/10 Relevance: 9/10

Summary

Ars Technica reports on PamStealer, a new macOS infostealer that uses a two stage delivery with a deceptive disk image and a JavaScript for Automation dropper. It validates credentials locally via PAM, uses Rust for a second stage, and masquerades as legitimate macOS components to stay hidden, signaling an evolution toward quieter, native-like malware on Mac. The article underscores the growing sophistication of Mac targeted threats and the importance of monitoring credential theft techniques.

🚀 Service construit par Johan Denoyer