A newly discovered piece of macOS malware, named PamStealer, has been found to combine a series of clever tactics to infect Macs with custom-developed credential-stealing code.
The malware is delivered in two stages, with the first stage distributed in a disk image that masquerades as a clipboard manager for Macs.
PamStealer uses the Pluggable Authentication Modules (PAM) interface built into macOS to validate the target's login password before sending it to an attacker-controlled server, which makes its execution chain quieter than that of typical malware.



