U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems. The […]

Atomic Stealer

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month.

Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems.

Atomic macOS Stealer

The researchers reported that the Atomic macOS Stealer is constantly improved by its authors, the most recent update was announced via the Telegram channel on April 25th.

The Atomic macOS Stealer allows operators to can steal various types of information from the infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

The malware is able to steal data from multiple browsers, including auto-fills, passwords, cookies, wallets, and credit card information. AMOS can target multiple cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

“The TA also provides additional services such as a web panel for managing victims, meta mask brute-forcing for stealing seed and private keys, crypto checker, and dmg installer, after which it shares the logs via Telegram. These services are offered at a price of $1000 per month.” reads the report published by Cyble.

The threat actors spread the malware in the form of a ‘.dmg’ file (Setup.dmg), upon executing it, the malicious code attempts to trick victims into entering their system password on a fake prompt. The malware also targets the password management tool using the main_keychain() function to extract sensitive information from the target machine.

Harvested data are compressed in a ZIP archive and encoded using Base64 format for exfiltration. The ZIP file is then sent to pre-configured Telegram channels.

“Due to its robust security features, macOS is the preferred operating system for numerous high-profile individuals. Targeting macOS is not a novel trend, and various malware families exist that specifically aim to infiltrate this operating system.” concludes the report. “Malware such as the Atomic macOS Stealer could be installed by exploiting vulnerabilities or hosting on phishing websites. Threat Actors can use the stolen data for espionage or financial gain. While not commonplace, macOS malwares can have devastating impacts on victims.”

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Atomic macOS Stealer)