Researchers discovered a previously unseen macOS malware called PamStealer, which employs sophisticated methods to steal user credentials. The malware operates in two stages: the first is a disk image disguised as a clipboard manager named Maccy, which is compiled as AppleScript.

The second stage uses Rust-based code to exploit macOS's Pluggable Authentication Modules (PAM) interface to validate login passwords before transmitting them to an attacker's server. The malware mimics a system authorization request, tricking users into entering their passwords. Once a password is validated, it displays a decoy message claiming the file is damaged to avoid suspicion. Additional tactics include requesting full disk access and accessing Ethereum accounts. The malware's use of local PAM validation, rather than external processes, makes it harder to detect. Security experts note that this highlights vulnerabilities in macOS's password prompts, which have been exploited by malware for years. The incident underscores the need for improved user education and system security measures against such sophisticated threats.