- Microsoft IIS Servers Targeted by Lazarus - August 18, 2023
- AI-Powered Hacker Threats - August 18, 2023
- Attacks Against Ukraine and Poland Continue to Use the PicassoLoader Malware - August 18, 2023
New macOS malware, known as Atomic or AMOS, is being widely shared on secret Telegram channels at a monthly subscription cost of $1,000, according to reports by cybersecurity experts.
Customers who pay the membership charge receive a Setup.dmg file that contains 64-bit Go-based malware that may steal data from the local file system, credentials for the iCloud Keychain, cookies, credit card data from browsers, and more login details.
In addition, the malware includes support for more than 50 browser extensions used for controlling cryptocurrencies, which are increasingly targeted by cybercriminals.
Subscribers to the virus also have access to a ready-made web panel for easy victim management, the ability to upload stolen information to Telegram, and numerous other features.
As of the time of writing, the “.dmg” format Atomic malware file was mostly undetected on VirusTotal, with just one harmful detection among 59 antivirus modules.
Buyers of the infostealer can customize the distribution methods they use, including phishing emails, malicious ads, social media posts, instant messaging, black SEO, and malicious torrents.
Atomic Stealer boasts a range of data-stealing functions that give its users advanced capabilities for infiltrating the target system.
Upon executing the malicious Setup.dmg file, the malware produces a fake macOS system password prompt window that mimics a genuine one. By obtaining the desired password from the attackers, the virus can gain further access rights to the infected machine.
Even though macOS has a relatively low market share (15% against 75% for Windows on the desktop), researchers continue to collect information on attacks against Apple devices, as macOS remains a target for hackers.