A new info-stealer malware has been identified, designed to steal a wide range of personal data, including local files, cookies, financial information, and passwords stored in macOS browsers. It’s called Atomic macOS Stealer (aka AMOS, or simply Atomic), and its developer is constantly adding new capabilities to it.
The most recent update was issued on April 25. According to the Cyble research team, Atomic is available on a private Telegram channel for a $1,000 monthly fee.
The customer receives a DMG installer file, a cryptocurrency checker, a MetaMask brute-forcing program, and a web panel for managing attack campaigns.
The malicious DMG file is designed to avoid detection and has been identified as malware by only one of 59 AV engines on VirusTotal. When the victim runs this DMG file, it displays a password prompt disguised as a macOS system notice, encouraging the user to input the system password.
After getting the system password, it attempts to steal passwords stored in the default password management tool, Keychain. This includes WiFi passwords, credit card information, site logins, and other critical information. Atomic is built with a variety of data-theft features, allowing its operators to target various browsers and crypto wallets, among other things.
It checks the system for installed applications in order to steal information from them. Cryptocurrency wallets (Binance, Electrum, Atomic, and Exodus) and web browsers (Goo
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents