
Malware has been discovered to steal data and cryptocurrency from macOS

Apr 27, 2023
Esme Greene

Security researchers at Trellix and cyber-threat experts at Cyble labs reported the discovery of new malware aimed at stealing data from macOS users. Atomic, also known as AMOS, is distributed by attackers through closed Telegram channels.

A monthly subscription to the tool costs $1,000. For that amount, the cybercriminal gets an extremely wide range of functionality for stealing all kinds of information. In particular, Atomic can steal passwords and cookies from popular browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, etc.), data from over 50 desktop cryptocurrency wallets and browser extensions (Electrum, Binance, Exodus, etc.), as well as system information and files, credit card data and much more.

In addition, the kit includes a web panel to manage infected devices, a MetaMask brute-forcer, a cryptocurrency checker, and a dmg installer. Attackers can have the stolen information sent directly to Telegram.

However, hackers who buy the software have to handle distributing Atomic themselves. Researchers report that hackers can use black SEO, phishing campaigns, and social engineering, among other things, for this purpose.

At the same time, the researchers note that the project is under active development and that its latest version was released on April 25, 2023. It is highly probable that the functionality of the infostealer will expand even more in the future.

How can users counter the threat?

At this point, this malware is extremely dangerous because most defense measures do not recognize it as a threat. According to researchers, on VirusTotal, only one of 59 AV engines flagged Atomic as a malicious file.

Nevertheless, users have a chance to counter the threat on their own by being vigilant. Once on the victim’s computer, Atomic displays a fake message asking for the system password in order to gain privileged access to the victim’s system. Moreover, if the infostealer tries to steal data directly from the file system, macOS will also request permission from the user. A user who notices such suspicious messages appearing for no apparent reason may suspect malicious activity and take appropriate action.