Atomic macOS Stealer malware found in the wild, being offered for sale via Telegram posts

Following the MacStealer malware that surfaced for macOS earlier this year and was able to compromise iCloud Keychain passwords, credit card information, files, and more, a new and potentially more threatening malware called Atomic macOS Stealer is being sold as a service to malicious parties.

According to a report from Malwarebytes and another study from Elastic Security Labs, as little as 6 percent of all malware might affect Macs, but there are still threat actors out there.

Cyble Research & Intelligence Labs (via MacRumors) recently found the new Atomic macOS Stealer (AMOS) malware as it was advertised for sale on Telegram. The threat actor marketing it is regularly updating the malware and is charging $1,000/month for it.
Notably, Cyble’s technical analysis didn’t mention Apple’s macOS Gatekeeper feature as offering protection against AMOS, so it could prove more dangerous than MacStealer.

If installed, AMOS can compromise a long list of items including iCloud Keychain passwords; the macOS system password; cookies, passwords, and credit card details from Chrome, Firefox, Brave, Edge, Opera, and more. It can also compromise crypto wallets including Atomic, Binance, Exodus, Electrum, MetaMask, and many more.

The malicious party currently selling the malware as a service also provides buyers with a web panel, a Brute MetaMask tool, logs in Telegram with notifications, and other services.

The software is currently being marketed to potential customers via Telegram.

Following installation, the software compromises a user’s information, compresses the data into a ZIP file, and sends it back to the malicious party through a C&C server URL.

Cyble has offered the following tips on how to stay safe from AMOS and other strains of malware targeting your Mac:

  • Download and install software only from the official Apple App Store.
  • Use a reputed antivirus and internet security software package on your system.
  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Enable biometric security features such as fingerprint or facial recognition for unlocking the device wherever possible.
  • Be wary of opening any links received via emails delivered to you.
  • Be careful while enabling any permissions.
  • Keep your devices, operating systems, and applications updated.

Stay tuned for additional details as they become available.

Via 9to5Mac, Malwarebytes, MacRumors, and Cyble