macOS malware surge (PamStealer, CrashStealer)
Key Questions
What is PamStealer malware?
PamStealer is new macOS malware disguised as the clipboard manager Maccy, written in Rust and AppleScript. It delays 40 minutes to request Full Disk Access and verifies passwords via PAM before exfiltration.
How does CrashStealer evade macOS protections?
CrashStealer uses a signed, notarized dropper to bypass Gatekeeper and targets 80+ crypto wallets plus 14 password managers. It employs C++ and AES-GCM encryption with gated downloads.
What makes these macOS threats sophisticated?
Both PamStealer and CrashStealer represent advanced Mac-specific malware with delayed execution, social engineering, and targeted data theft. They highlight rising sophistication in macOS attacks.
New macOS malware: PamStealer disguises as clipboard manager Maccy, uses Rust and AppleScript, delays 40 minutes for Full Disk Access, verifies password via PAM before exfiltration. CrashStealer uses a signed, notarized dropper to bypass Gatekeeper, targets 80+ crypto wallets and 14 password managers, uses C++ and AES-GCM encryption, gated download behind meeting PIN. Both represent sophisticated Mac-specific threats.