Atomic macOS Stealer (AMOS), a new information-stealing malware targeting Apple's macOS operating system, is currently being offered by hackers on Telegram for one thousand dollars a month. It joins the likes of the MacStealer malware. According to Cyble researchers, the Atomic macOS Stealer can steal a range of information from the victim's computer, including Keychain passwords, system information, files from the desktop and documents folders, and even the macOS password.
The malware can also steal information from many web browsers and cryptocurrency wallets, including Atomic, Binance, Coinomi, Electrum, and Exodus. Hackers who buy the malware from its creators also get a ready-made web interface for managing victims.
The disk image file (Setup.dmg) containing the malware is unsigned. Once launched, it tricks the user into typing their computer's password into a fake prompt in order to elevate privileges and carry out its malicious actions. MacStealer uses the same method.
Although users may be tricked into installing and running the malware while it poses as a genuine program, the initial attack vector used to deliver it is not readily evident. The file name "Notion-7.0.6.dmg", which implies it has been spread as the well-known note-taking program, appears on the Atomic stealer artefact submitted to VirusTotal on April 24, 2023. Additional samples discovered by the MalwareHunterTeam were distributed under the file names "Photoshop CC 2023.dmg" and "Tor Browser.dmg".
Once it has been run, the malware collects system information, documents, the iCloud Keychain, data stored in web browsers (such as login credentials, autofill, cookies, and payment card details), and crypto wallet extensions. All of the information is then compressed into a ZIP file and sent to a remote server, from which it is forwarded to preconfigured Telegram groups.
This development indicates that macOS is becoming an increasingly lucrative target for cybercriminals. Users should therefore download and install software only from trusted sites, enable two-factor authentication, review app permissions, and avoid opening suspicious links received via email or SMS.
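Since the Setup.dmg described above is unsigned, one practical check is to ask Gatekeeper to assess a downloaded disk image before mounting it. The script below is an added example, not part of the original article or the Cyble report; the function names are hypothetical, and it assumes `spctl` reports its verdict as an "accepted"/"rejected" line followed by a `source=` line.

```shell
#!/bin/sh
# Triage downloaded disk images on macOS before mounting them.
# Usage: sh check_dmg.sh ~/Downloads/*.dmg

# Map the text of a Gatekeeper assessment to a one-word verdict.
# The more specific "source=" patterns are tested first.
classify_assessment() {
    case "$1" in
        *"source=Notarized Developer ID"*) echo notarized ;;
        *"source=no usable signature"*)    echo unsigned ;;
        *": accepted"*)                    echo signed ;;
        *": rejected"*)                    echo rejected ;;
        *)                                 echo unknown ;;
    esac
}

# Run the Gatekeeper assessment for one disk image and classify it.
assess_dmg() {
    # spctl exits non-zero on rejection; "|| true" keeps going under set -e.
    # stderr is merged so the assessment text is captured either way.
    out=$(spctl -a -vv -t open --context context:primary-signature "$1" 2>&1) || true
    classify_assessment "$out"
}

# Print "<verdict><TAB><file>" for every image given on the command line.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s\t%s\n' "$(assess_dmg "$f")" "$f"
    done
fi
```

A verdict of `unsigned` or `rejected` on an image named after a well-known application is a reason not to open it; a valid signature only identifies the signer and does not by itself prove the contents are benign.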