A new info-stealer malware has been discovered that is designed to steal a wide range of sensitive information from macOS systems, including local files, cookies, financial details, and passwords stored in browsers. Named Atomic macOS Stealer (aka AMOS, or simply Atomic), it is being actively enhanced with new features by its developer, and the latest update was released on April 25.

Atomic - expensive yet efficient

According to the Cyble research team, Atomic is available on a private Telegram channel for a subscription of $1,000 per month.
The buyer receives a DMG installer file, a cryptocurrency checker, the brute-forcing tool MetaMask, and a web panel to manage attack campaigns.
  • The malicious DMG file is designed to evade detection and is flagged as malware by just one of 59 AV engines on VirusTotal.
  • When this DMG file is executed by the victim, it displays a password prompt masquerading as a macOS system notification, urging the user to enter the system password.
  • After obtaining the system password, it attempts to steal the passwords stored in Keychain, the default password manager utility. This includes WiFi passwords, credit card details, web logins, and other sensitive information.

Key capabilities

Atomic is designed with several data-theft capabilities, allowing its operators to target multiple browsers and crypto wallets, among others.
  • It scans the system for installed software and steals details from it. Targeted applications include cryptocurrency wallets (Binance, Electrum, Atomic, and Exodus) and web browsers (Google Chrome, Microsoft Edge, Firefox, Opera, Yandex, and Vivaldi).
  • It further targets more than 50 cryptocurrency wallet extensions, including Coinbase, Yoroi, BinanceChain, Jaxx Liberty, and Guarda.
  • In addition, it attempts to steal system information, including model name, RAM size, core count, serial number, UUID, and more.

Ending notes

Atomic is another example of the fact that an increasing number of cyber threats are looming over macOS. In the past week, researchers have already revealed two more threats, the RustBucket Malware and a new LockBit variant, showing interest in Apple’s primary OS powering Mac devices. Thus, it is high time for Mac users to realize the ever-increasing threat and tighten up their security posture.
Cyware Publisher