
Newly discovered PamStealer isn't your typical macOS malware

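Summary

Researchers have discovered a new piece of macOS malware, PamStealer, that combines multiple stealth techniques to infect Macs. The malware spreads in two stages: the first stage masquerades as the Maccy clipboard manager and is distributed as a disk image; the second stage is executed via AppleScript, with its malicious functionality buried deep within the script file. PamStealer is written in Rust and uses the PAM interface built into macOS to validate the user's login password, then sends the credentials to an attacker-controlled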

Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft techniques to infect Macs with stealthy, custom-developed credential-stealing code.

The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It’s compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target’s login password before sending it to an attacker-controlled server.

A quieter execution chain

The use of both disk image and AppleScript is common in malware for Macs. More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it’s opened in the macOS Script Editor, where the malicious functionality is buried deep within the file.


Repost information
Original: Newly discovered PamStealer isn't your typical macOS malware (2026-07-02T19:38:57)
Author: Dan Goodin Category: Technology