Newly discovered PamStealer isn’t your typical macOS malware
Summary
Ars Technica reports on PamStealer, a new macOS infostealer that uses a two stage delivery with a deceptive disk image and a JavaScript for Automation dropper. It validates credentials locally via PAM, uses Rust for a second stage, and masquerades as legitimate macOS components to stay hidden, signaling an evolution toward quieter, native-like malware on Mac. The article underscores the growing sophistication of Mac targeted threats and the importance of monitoring credential theft techniques.