
Attackers are promoting a new information-stealing program for Apple’s macOS operating system. Atomic macOS Stealer (or AMOS) is available on Telegram for $1,000/month, joining MacStealer and others.
“Atomic macOS Stealer can steal different types of information from a victim’s machine,” Cyble researchers said in a technical report.
Its features include the ability to extract data from web browsers and from cryptocurrency wallets such as Atomic, Binance, Coinomi, Electrum and Exodus. Attackers who purchase the stealer from the developer are also provided with a ready-to-use web panel to manage their victims.
The malware is delivered as an unsigned disk image file (Setup.dmg). When run, it displays a fake password prompt to trick the victim into entering the system password, which it then uses to escalate privileges and carry out its malicious activity. MacStealer uses the same technique.
Although the initial intrusion vector used to distribute the malware is not yet known, users are likely being lured into downloading and executing it under the guise of legitimate software.
The Atomic Stealer artifact submitted to VirusTotal on April 24, 2023 is also named “Notion-7.0.6.dmg”, suggesting it is being passed off as the popular note-taking app. Other samples found by MalwareHunterTeam have been distributed as “Photoshop CC 2023.dmg” and “Tor Browser.dmg”.
“Malware such as Atomic macOS Stealer can be installed by exploiting vulnerabilities or by hosting phishing websites,” Cyble said.
Once running, Atomic collects system metadata, files, the iCloud Keychain, information stored in web browsers (passwords, autofill data, cookies, credit card data and so on) and data from cryptocurrency wallet browser extensions. Everything is compressed into a ZIP archive and exfiltrated to a remote server; the archive of collected data is also sent to a preconfigured Telegram channel.
This development is another sign that macOS is becoming a lucrative target for stealer malware, not only for nation-state hacking groups. Users should only download and install software from trusted sources, enable two-factor authentication, review app permissions and refrain from opening suspicious links received via email or SMS.
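The behaviour chain described above (an unsigned app launched from a mounted disk image, a fake password prompt, a ZIP archive of harvested data, and a network connection to Telegram) is what a defender would hunt for in endpoint telemetry. The following is an added detection example, not code from the article or from Cyble; it runs over constructed EDR-style process and network events embedded inline. It assumes the fake prompt is produced with an osascript `display dialog ... with hidden answer` command (a common way to fake a password dialog on macOS, which the article does not specify) and that the Telegram delivery goes to `api.telegram.org` (the Bot API host, also an assumption). Field names in the sample events are likewise hypothetical.

```python
"""Heuristic hunt for the macOS stealer behaviour chain (added example)."""
import json
import re
from collections import defaultdict

# Constructed sample telemetry: one malicious tree (pids 501-503) and one
# benign tree (pids 601-602). Field names are hypothetical EDR-style fields.
SAMPLE_EVENTS = """\
{"ts": 1, "type": "exec", "pid": 501, "ppid": 1, "path": "/Volumes/Notion-7.0.6/Notion.app/Contents/MacOS/Notion", "signed": false, "cmdline": "Notion"}
{"ts": 2, "type": "exec", "pid": 502, "ppid": 501, "path": "/usr/bin/osascript", "signed": true, "cmdline": "osascript -e 'display dialog \\"System Preferences wants to make changes. Enter your password.\\" default answer \\"\\" with hidden answer with icon caution'"}
{"ts": 3, "type": "exec", "pid": 503, "ppid": 501, "path": "/usr/bin/zip", "signed": true, "cmdline": "zip -r /tmp/out.zip /tmp/collected"}
{"ts": 4, "type": "net", "pid": 501, "ppid": 1, "dest": "api.telegram.org", "port": 443}
{"ts": 5, "type": "exec", "pid": 601, "ppid": 1, "path": "/Applications/Slack.app/Contents/MacOS/Slack", "signed": true, "cmdline": "Slack"}
{"ts": 6, "type": "exec", "pid": 602, "ppid": 601, "path": "/usr/bin/zip", "signed": true, "cmdline": "zip -r /tmp/logs.zip /tmp/logs"}
{"ts": 7, "type": "net", "pid": 601, "ppid": 1, "dest": "slack.com", "port": 443}
"""

# Assumption: the fake prompt is an osascript dialog with a hidden answer field.
HIDDEN_ANSWER = re.compile(r"display dialog.*with hidden answer", re.I)
# Archiving tools a stealer might use to bundle loot before exfiltration.
ARCHIVE = re.compile(r"\b(zip|ditto|tar)\b")
# Assumption: Telegram delivery goes through the Bot API host.
EXFIL_HOSTS = {"api.telegram.org"}


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_trees(events):
    """Group events by the pid of their root ancestor (ppid 1 == launchd)."""
    parent = {e["pid"]: e["ppid"] for e in events if e["type"] == "exec"}

    def root(pid):
        while parent.get(pid, 1) != 1:
            pid = parent[pid]
        return pid

    trees = defaultdict(list)
    for e in events:
        trees[root(e["pid"])].append(e)
    return trees


def score_tree(events):
    """Return the indicators observed in one process tree, in event order."""
    indicators = []
    root_exec = next((e for e in events if e["type"] == "exec" and e["ppid"] == 1), None)
    if root_exec and root_exec["path"].startswith("/Volumes/"):
        indicators.append("runs from mounted disk image")
    if root_exec and not root_exec.get("signed", True):
        indicators.append("unsigned executable")
    for e in events:
        if e["type"] == "exec" and HIDDEN_ANSWER.search(e["cmdline"]):
            indicators.append("fake password prompt (osascript hidden-answer dialog)")
        if e["type"] == "exec" and ARCHIVE.search(e["cmdline"]):
            indicators.append("archives data")  # weak on its own, see threshold
        if e["type"] == "net" and e["dest"] in EXFIL_HOSTS:
            indicators.append(f"connects to {e['dest']}")
    return indicators


def hunt(text, threshold=3):
    """Return {root_pid: indicators} for trees with at least `threshold` hits."""
    hits = {}
    for root_pid, evs in build_trees(parse_events(text)).items():
        indicators = score_tree(evs)
        if len(indicators) >= threshold:
            hits[root_pid] = indicators
    return hits


if __name__ == "__main__":
    for root_pid, indicators in hunt(SAMPLE_EVENTS).items():
        print(f"pid {root_pid}: " + "; ".join(indicators))
```

The threshold matters: creating a ZIP file or running from a disk image is normal on its own, so a single indicator is noise. Flagging only trees that stack several of the behaviours (mounted-image origin, unsigned binary, hidden-answer dialog, archive, Telegram connection) keeps the rule quiet while still catching the chain the article describes. In real telemetry, the pid/ppid and signing fields would come from the EDR's own schema.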