News Grower

Independent coverage of AI, startups, and technology.

Ars Technica Jul 2, 2026 at 19:38 Big Tech Rising Hot

Newly discovered PamStealer isn't your typical macOS malware

The discovery underscores the increased effort being poured into Mac infostealers.

Signal weather

Rising

Momentum is building quickly, so this card is a good early entry point into the topic.

By Dan Goodin Original source
Newly discovered PamStealer isn't your typical macOS malware

Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It’s compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target’s login password before sending it to an attacker-controlled server. A quieter execution chain The use of both disk image and AppleScript is common in malware for Macs. More unusual is the way PamStealer combines them to gain stealth. When the AppleScript is double-clicked, it’s opened in the macOS Script Editor, where the malicious functionality is buried deep within the file. Read full article Comments

Stay on the signal

Follow Newly discovered PamStealer isn't your typical macOS malware

Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.

We send a confirmation link first, then only meaningful digests.

Story map

Understand this topic fast

A quick entry into the story: why it matters now, who is involved, and where to go next for context.

Why it matters now

Fresh coverage with immediate momentum.
There are already 6 connected articles in the same storyline to continue from here.
The story keeps orbiting around Ars Technica, Discovered, and Increased Effort, so the entity pages are the fastest way to build context.
Ars Technica already has 4 follow-up stories on the same theme.

Topic constellation

Open the live map for this story

See which entities, story threads, sources, and follow-up articles shape this story right now.

Click nodes to continue

Entity Cluster Article Hub Source

Story timeline

Continue with this story

A short sequence of events and follow-up stories to understand the arc quickly.

Jul 2, 2026 at 19:38 Ars Technica

Newly discovered PamStealer isn't your typical macOS malware

The discovery underscores the increased effort being poured into Mac infostealers.

Jul 2, 2026 at 17:29 Ars Technica

FAA proposal: Supersonic airliners can fly over US cities if they’re quiet

New US rules would legalize quiet supersonic flights without the sonic boom.

Jul 2, 2026 at 16:46 Ars Technica

Ars Live recap: When are the big rockets NASA desperately needs going to be ready?

I have not seen anyone put out a date for a new rocket, and actually hit it.

Jul 2, 2026 at 16:35 Ars Technica

Plex debuts 5-year membership pass for $250

Plex is pushing customers to newer features and more frequent payments.

Jul 2, 2026 at 16:30 Ars Technica

Africa CDC confirms Marburg case in Uganda as Ebola outbreak rages

Early reports indicate there may be another case, but spread is thought to be localized.

Jul 2, 2026 at 16:21 Ars Technica

Artificial cell manages a few rounds of cell division

It only works for a few divisions thanks to a lot of added materials.

How reliable this looks

Signal and trust for Ars Technica

This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.

Trusted

Reliability

92

Freshness

100

Sources in storyline

1

Related articles

More stories that share tags, source, or category context.

More from Ars Technica

Fresh reporting and follow-up coverage from the same newsroom.

Open source page