Atomic macOS Malware: Stealing Your Passwords and Crypto Wallets.

Reading Time: ( Word Count: )

April 28, 2023

Atomic macOS Stealer (AMOS), a brand-new data-stealing virus targeting Apple’s macOS computing system, is currently being offered by hackers on Telegram for one thousand dollars a month. This new addition joins the likes of the MacStealer malware. According to Cyble researchers, the Atomic macOS Stealer can steal various information from the victim’s computer, including Keychain passwords, system information, files from the desktop, documents folder, and even the macOS password.

The virus is also capable of stealing information from many internet sites and digital currency wallets, including Atomic, Binance, Coinomi, Electrum, and Exodus. A readily available online interface for controlling sufferers is also available to hackers who buy this virus from its creators.

The disc photo file (Setup.dmg) containing the malicious software is unregistered. It tricked the user into typing their computer’s passcode on a fake popup once launched to elevate permissions and conduct unlawful actions. MacStealer also employs this method.

Also Read: “Google Takes Down CryptBot: Over 670K Computers Infected”

Atomic macOS Malware

Although it may be tricked users into installing and operating viruses while pretending to be genuine programs, the first hacking vector that transmits the malicious software is not readily evident. The suffix “Notion-7.0.6.dmg,” which implies it has been spread as the well-known note-taking program, appears on the Atomic stealer artefact reported to VirusTotal on April 24, 2023. The “Photoshop CC 2023.dmg” and “Tor Browser.dmg” distribution formats are used by additional viruses discovered by the MalwareHunterTeam.

The virus captures systems information, documents, iCloud Keychain, data kept in internet browsers (such as login credentials, autofill, cookies, and payment card details), and plugins for crypto wallets once it has been run. Following the compression of all of the information, it is sent as a compressed ZIP file to a remote computer, which then goes to already set-up Telegram groups. 

This development indicates that macOS is becoming an increasingly lucrative target for cybercriminals. Therefore, users must only download and install software from trusted sites, enable two-factor authentication, review app policy, and avoid opening suspicious links received via email or SMS.

Lucas Maes

Lucas Maes


Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...

Submit a Comment

Your email address will not be published. Required fields are marked *