importantSYS.SOURCE: The Hacker News• 2026-07-03T13:33:37+05:30
PamStealer Credential Theft via PAM Validation and Fake macOS Site Impersonation
#Credential Theft#macOS Security#PAM#Infostealer
A new macOS information stealer, PamStealer, uses a staged delivery method involving a fake Maccy site and AppleScript to execute a Rust-based payload. The malware employs the macOS Pluggable Authentication Modules (PAM) to validate login credentials locally, ensuring a quieter and more stealthy credential theft process.
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.
The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
*** END OF TRANSMISSION ***