April 28, 2023Rabbi LakshmananEndpoint Security / Cryptocurrency

Attackers are promoting a new information-stealing program for Apple’s macOS operating system. Atomic macOS Stealer (or AMOS) is available on Telegram for $1,000/month, joining MacStealer and others.

“Atomic macOS Stealer can steal many different types of information from a victim’s machine, including keychain passwords, full system information, desktop and Documents folder files, and even macOS passwords,” says Cyble. researchers said. Said in a technical report.

Other features include the ability to extract data from web browsers and cryptocurrency wallets such as Atomic, Binance, Coinomi, Electrum and Exodus. Attackers who purchase the stealer from the developer are also provided with a ready-to-use web panel to manage their victims.

The malware takes the form of an unsigned disk image file (Setup.dmg) and when executed prompts the victim to enter the system password at a fake prompt, escalates privileges and creates a malicious carry out an activity. This technique is also used in his MacStealer. .

Although the initial intrusion vector used to distribute the malware is not immediately known, users may be manipulated into downloading and executing malware under the guise of legitimate software.

Atomic Stealer Artifact, Submit to VirusTotal On April 24, 2023, it was also named “Notion-7.0.6.dmg”, suggesting it was advertised as a popular note-taking app.Other samples excavated By MalwareHunterTeamPhotoshop CC 2023.dmg” and “Tor Browser.dmg.”

“Malware such as Atomic macOS Stealer can be installed by exploiting vulnerabilities or by hosting phishing websites,” Cyble said.

upcoming webinars

Learn how to stop ransomware with real-time protection

Join our webinar to learn how real-time MFA and service account protection can stop ransomware attacks.

Save my seat!

Atomic then collects system metadata, files, iCloud Keychain, and information stored in web browsers (passwords, autofills, cookies, credit card data, etc.) and cryptographic wallet extensions, all of which are stored in ZIP Compressed into an archive and sent. to a remote server. A ZIP file of compiled information is sent to a preconfigured Telegram channel.

This development is another sign that macOS is becoming a lucrative target for deploying stealer malware beyond nation-state hacking groups. Users should only download and install software from trusted sources, enable two-factor authentication, review app permissions, and exercise self-restraint. Protects against opening suspicious links received via email or her SMS messages.

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog