New Atomic Malware On MacOS Targets Crypto Wallets

A new malware has been identified by security experts, which specifically targets MacOS devices. The malware aims to steal confidential information such as saved passwords, credit card numbers, and data from more than 50 cryptocurrency browser extensions. This has raised significant concerns about the security of MacOS devices. Reports suggest that cybercriminals are now able […]
A new malware has been identified by security experts, which specifically targets MacOS devices. The malware aims to steal confidential information such as saved passwords, credit card numbers, and data from more than 50 cryptocurrency browser extensions. This has raised significant concerns about the security of MacOS devices. Reports suggest that cybercriminals are now able […]

A new malware has been identified by security experts, which specifically targets MacOS devices. The malware aims to steal confidential information such as saved passwords, credit card numbers, and data from more than 50 cryptocurrency browser extensions. This has raised significant concerns about the security of MacOS devices.

Reports suggest that cybercriminals are now able to purchase a new malware specifically designed for macOS called ‘Atomic’ (also known as ‘AMOS’) through private Telegram channels. This malware is being sold via a subscription model, where cybercriminals can access the malware for $1,000 per month.

The fact that the malware is being sold through private channels also makes it difficult for security agencies to track its distribution and take necessary action.

In their report, Cyble, a Threat Intelligence Company stated,

The Atomic macOS Stealer can steal various types of information from the victim’s machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

More About ‘Atomic’, The MacOS Malware

This newly discovered malware called ‘Atomic’ is being sold to cybercriminals. For a steep price of $1,000 per month, buyers can access a Disc Image File (DMG) file containing a 64-bit Go-based malware designed specifically to target macOS systems.

This malware has the capability to steal sensitive information such as keychain passwords, files from the local filesystem, passwords, cookies, and credit cards stored in browsers.

‘Atomic’ also has the ability to extract data from web browsers and cryptocurrency wallets, including popular ones like Atomic, Binance, Coinomi, Electrum, and Exodus.

In addition to these features, the developers of the malware also provide threat actors with a ready-to-use web panel for managing victims.

Upon execution, the malware prompts the victim to enter their system password on a fake prompt. This is done to escalate privileges and carry out malicious activities, which include stealing sensitive information from the victim’s macOS system.

The use of social engineering tactics such as a fake prompt to trick users into providing their system password highlights the need for user awareness and caution when downloading and executing files from unknown sources.

The researchers have analyzed a sample of the malware and found that the author has been actively developing it, with a new version released as recently as April 25, 2023. This malware is being actively developed and updated. Moreover, malware detection has proven to be challenging, as the DMG has been flagged as malicious by less than 2% of antivirus software.

Regarding distribution, buyers are tasked with establishing their own channels, which can comprise various methods such as phishing emails, malvertising, social media posts, instant messages, black hat SEO, infected torrents, and others.

MacOS