A new info-stealer malware has been identified, designed to steal a wide range of personal data, including local files, cookies, financial information, and passwords stored in macOS browsers. It's called Atomic macOS Stealer (aka AMOS, or simply Atomic), and its developer is constantly adding new capabilities to it.
The most recent update was issued on April 25. According to the Cyble research team, Atomic is available on a private Telegram channel for a $1,000 monthly fee.
A DMG installer file, a cryptocurrency checker, a MetaMask brute-forcing tool, and a web panel to oversee attack campaigns are all provided to the customer.
The malicious DMG file is designed to avoid detection and has been identified as malware by only one (out of 59) AV engines on VirusTotal. When the victim runs this DMG file, it displays a password prompt disguised as a macOS system notice, encouraging the user to input the system password.
After getting the system password, it attempts to steal passwords stored in the default password management tool Keychain. This includes WiFi passwords, credit card information, site logins, and other critical information. Atomic is built with a variety of data-theft features, allowing its operators to target various browsers and crypto wallets, among other things.
It checks the system for installed applications in order to steal information from them. Cryptocurrency wallets (Binance, Electrum, Atomic, and Exodus) and web browsers (Google Chrome, Microsoft Edge, Firefox, Opera, Yandex, and Vivaldi) are among the programs targeted.
It also targets over 50 cryptocurrency wallet extensions, such as Coinbase, Yoroi, BinanceChain, Jaxx Liberty, and Guarda. Furthermore, it attempts to steal system information such as the Model name, RAM size, number of cores, serial number, UUID number, and others.
Atomic is another example of the growing number of cyber threats targeting macOS. Researchers have already discovered two new threats, the RustBucket malware and a new LockBit variant, indicating an interest in Apple's core operating system, which powers Mac computers.
As a result, it is past time for Mac users to recognise the growing threat and enhance their security posture.