The newly discovered PamStealer is not your typical macOS malware



Researchers have discovered a never-before-seen macOS malware that combines a number of clever tricks to infect Macs with known custom-made hacking code.

The malware comes in two parts. The first is packaged in a disk image that makes itself look like MacyMac board manager. It is designed as an AppleScript, which is very popular, and it provides the second layer. The malware is called PamStealer because the infostealer, written in Rust, uses the Pluggable Authentication Modules feature built into macOS to verify login passwords before sending them to a server controlled by attackers.

Limited chain

Using disk images and AppleScript is common in Mac malware. What is more striking is how PamStealer combines them to carry out the deception. When the AppleScript is double-clicked, it opens in the macOS Script Editor, and the malicious functionality is placed inside the file.
