New Mac infostealer confirms stolen passwords before stealing data
A newly discovered macOS infostealer verifies Mac login passwords before stealing sensitive data, giving attackers immediate confirmation that compromised credentials will actually work.

PamStealer

Researchers at Jamf Threat Labs have documented a new macOS malware campaign built around an infostealer called PamStealer. PamStealer disguises itself as the Maccy clipboard manager and uses AppleScript alongside a Rust payload to infect Macs.

Jamf found that PamStealer verifies login passwords through Apple's Pluggable Authentication Modules before stealing additional data. Password verification sets PamStealer apart from most macOS infostealers, which typically capture whatever password a victim enters without confirming that it's valid.

The campaign begins with a fake website that closely imitates the legitimate Maccy clipboard manager. Next, the fake website delivers a malicious AppleScript application disguised as Maccy.