New Atomic Malware on macOS Targets Crypto Wallets

Security experts have identified new malware that specifically targets macOS devices. The malware aims to steal confidential information such as stored passwords, credit card numbers and data from more than 50 cryptocurrency browser extensions. This has raised significant concerns about the security of macOS devices.

Reports suggest that cybercriminals are now able to purchase a new malware specifically designed for macOS called ‘Atomic’ (also known as ‘AMOS’) through private Telegram channels. This malware is sold via a subscription model, where cybercriminals can access the malware for $1,000 per month.

The fact that the malware is sold through private channels also makes it difficult for security agencies to track its distribution and take the necessary measures.

In its report, Cyble, a threat intelligence company, stated:

Atomic macOS Stealer can steal various types of information from the victim’s machine, including keychain passwords, full system information, files from the desktop and documents folder, and even the macOS password.

More on ‘Atomic’, macOS Malware

This newly discovered malware, called ‘Atomic’, is being sold to cybercriminals. For a hefty price of $1,000 per month, buyers can access a disk image (DMG) file containing 64-bit Go-based malware designed specifically to target macOS systems.

This malware can steal sensitive information such as keychain passwords and files from the local file system, as well as passwords, cookies and credit cards stored in web browsers.

‘Atomic’ also has the ability to extract data from browsers and cryptocurrency wallets, including popular ones like Atomic, Binance, Coinomi, Electrum and Exodus.

In addition to these functions, the developers of the malware also provide threat actors with a ready-to-use web panel for handling victims.

When executed, the malware displays a fake message asking the victim to enter the system password. This is done to escalate privileges and perform malicious activities, which include stealing sensitive information from the victim’s macOS system.

The use of social engineering tactics such as a fake message to trick users into entering their system password highlights the need for user awareness and caution when downloading and running files from unknown sources.

The researchers analyzed a sample of the malware and found that the author has been actively developing it, with a new version released as late as April 25, 2023. Detection has also proven challenging, as the DMG has been flagged as malicious by less than 2% of antivirus software.

When it comes to distribution, buyers are tasked with establishing their own channels, which can include various methods such as phishing emails, malvertising, social media posts, instant messaging, black hat SEO, infected torrents, and others.
