Currently, hackers are advertising for a malicious software that specializes in stealing information on macOS operating system called Atomic macOS Stealer (AMOS).
According to The Hacker News, AMOS joins Apple’s list of malware operating system targeting Apple’s macOS, which is advertised on Telegram for $1,000/month.
A report from Cyble researchers says that Atomic macOS Stealer can steal various types of information, including Keychain passwords, system information, files from documents and desktop folders, even macOS password.
Other features include the ability to extract data from web browsers and cryptocurrency wallets such as Atomic, Binance, Coinomi, Electrum and Exodus. AMOS tenants from developers are provided with a web console for victim management
This malware takes the form of an unsigned disk image file (Setup.dmg), which when executed will ask the victim for a system password to escalate privileges and perform its malicious activities, Technically similar to MacStealer.
The original form of intrusion used to distribute this malware is not clear, it is possible that users are tricked into downloading and executing it under the guise of legitimate software.
AMOS was sent to VirusTotal on April 24, 2023 as Notion-7.0.6.dmg, indicating that it is being said to be a popular note-taking app. Other samples discovered by MalwareHunterTeam were distributed under the names Photoshop CC 2023.dmg and Tor Browser.dmg.
Cyble says malware like Atomic macOS Stealer can be installed by exploiting vulnerabilities or hosted on phishing websites.
The personal information on the victim’s computer is collected by Atomic, compressed into a ZIP archive and sent to a control server. The ZIP file will be sent to the pre-configured Telegram channels.
This development is an indication that macOS is increasingly becoming a target for deploying stolen malware. Users should only download and install software from trusted sources, enable two-factor authentication, review app permissions, and limit the opening of suspicious links received via email or SMS
