Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Researchers have discovered a never-before-seen macOS malware that combines a number of clever tricks to infect Macs with known custom-made hacking code.
The crime program is offered in two parts. The first one is partitioned into a disk image that makes itself look like MacyMac board manager. It is designed as an AppleScript which is very popular as it provides a second layer. The malware is called PamStealer because the infostealer written by Rust uses the Pluggable Authentication Modules feature built into macOS to verify login passwords before sending them to a server controlled by attackers.
Using disk images and AppleScript is common in Mac malware. What’s even more amazing is how PamStealer combines them to get the cheat. When AppleScript is double-clicked, it opens in the MacOS Script Editor, where malicious functionality is placed inside the file.