

macrumors bot
Original poster
Apr 12, 2001


While Apple's Macs are less targeted by malware than Windows PCs, concerning Mac malware does pop up regularly. This week, there's new Mac malware out in the wild that Mac users should be aware of.


Called Atomic macOS Stealer (AMOS), the malware was found on Telegram by Cyble Research. A Telegram user was selling access to the malware, which is designed to steal sensitive information like usernames and passwords.

Whoever designed the Atomic macOS Stealer is working behind the scenes to improve it and add new functionality to make it more effective. In its current incarnation, AMOS is able to access keychain passwords, system information, files from the desktop and documents folder, and the password of the Mac.

It is able to infiltrate browser apps like Chrome and Firefox, extracting autofill information, passwords, cookies, wallets, and credit card information. Cryptowallets like Electrum, Binance, and Atomic are specific targets.


AMOS can be purchased with a web panel that makes it easy to manage malware targets, along with tools for brute-forcing private keys. The malware and accompanying services to make it easier to use against victims can be purchased on Telegram for $1,000 per month.

A .dmg file is used to get the malware on a victim's machine, and once installed, it immediately begins accessing sensitive information and sending it to a remote server. A fake system prompt is presented to get access to the system password, and it asks for access to files in the documents and desktop folders.

Because this requires a user to click on a .dmg file to install, Mac users can avoid the malware by not installing any kind of untrusted software from an unverified source. Cyble Research recommends installing software from the Mac App Store, using strong passwords and multi-factor authentication, and using biometric authentication where possible.

Users should also avoid opening links in emails, use caution whenever an app asks for permissions, and keep devices, operating systems, and apps up to date.

Article Link: Atomic macOS Stealer Malware Can Steal Keychain Info, Files, Browser Wallets and More
 
Looking at that browser list... you can see why Chrome and pretty much all "competing" browsers based on Chrome aren't great for web competition. Firefox is the only one of two on there that doesn't hand over passwords.
 
What’s interesting to me is that it claims to be able to steal the user’s password. This should not be possible. When your password is entered it’s compared to the encrypted version, but they should not be able to take the encrypted version and turn it into plain text. I know that’s how it works on Unix and Windows. How is this possible?

Quick Edit: Unless they’re just tricking the user into entering it with a fake elevation prompt, of course.
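The article says the stealer shows a fake system prompt to collect the account password, and the comment above lands on the same explanation: the password is phished, not decrypted. The script below is an added example of how a defender might spot such prompts in endpoint process-execution telemetry; it is not code from MacRumors, Cyble, or the malware. It assumes (this is a general macOS fact, not something the article states about AMOS specifically) that a fake "system" password dialog is commonly produced by running an AppleScript `display dialog ... with hidden answer` through `osascript`, and it raises the severity when the same user mounted a `.dmg` shortly beforehand. The log format and every log line are constructed for the example.

```python
"""Flag password-style osascript dialogs in process-execution logs.

Added example, not from the article or any vendor tooling.
Assumed log format (constructed): "<ISO timestamp> <user> exec <command line>"
"""
import re
import shlex
from datetime import datetime, timedelta

# Constructed sample telemetry: a .dmg mount followed seconds later by a
# hidden-answer dialog for the same user, plus two benign commands.
SAMPLE_LOG = """\
2023-04-27T10:01:02Z alice exec /usr/bin/hdiutil attach /Users/alice/Downloads/installer.dmg
2023-04-27T10:01:09Z alice exec /usr/bin/osascript -e 'display dialog "macOS needs to update settings" default answer "" with hidden answer with title "System Preferences"'
2023-04-27T10:02:30Z bob exec /usr/bin/osascript -e 'display notification "Backup finished"'
2023-04-27T10:03:00Z alice exec /bin/ls -la /Users/alice/Documents
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) exec (?P<cmd>.+)$")


def parse_line(line):
    """Parse one log line into {ts, user, argv}; return None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    try:
        argv = shlex.split(m["cmd"])  # honours shell-style quoting of the script
    except ValueError:
        argv = m["cmd"].split()      # unbalanced quotes: fall back to whitespace split
    return {"ts": ts, "user": m["user"], "argv": argv}


def _basename(path):
    return path.rsplit("/", 1)[-1]


def is_hidden_answer_dialog(argv):
    """True when osascript is asked to show a dialog with a masked text field."""
    if not argv or _basename(argv[0]) != "osascript":
        return False
    script = " ".join(argv[1:]).lower()
    return "display dialog" in script and "hidden answer" in script


def is_dmg_mount(argv):
    """True for `hdiutil attach <something>.dmg`."""
    return (
        bool(argv)
        and _basename(argv[0]) == "hdiutil"
        and "attach" in argv
        and any(a.lower().endswith(".dmg") for a in argv)
    )


def find_credential_prompts(log_text, window=timedelta(minutes=5)):
    """Return findings for hidden-answer dialogs; severity is 'high' when the
    same user mounted a .dmg within `window` before the dialog."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    last_mount = {}  # user -> timestamp of most recent .dmg mount
    findings = []
    for ev in events:
        if is_dmg_mount(ev["argv"]):
            last_mount[ev["user"]] = ev["ts"]
        elif is_hidden_answer_dialog(ev["argv"]):
            mounted = last_mount.get(ev["user"])
            severity = "high" if mounted and ev["ts"] - mounted <= window else "medium"
            findings.append({
                "ts": ev["ts"].isoformat(),
                "user": ev["user"],
                "severity": severity,
                "reason": "osascript dialog with hidden answer (password-style prompt)",
            })
    return findings


if __name__ == "__main__":
    for f in find_credential_prompts(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ts']} {f['user']}: {f['reason']}")
```

The dialog check alone is a medium-confidence signal, since legitimate admin scripts also use hidden-answer dialogs; pairing it with a recent disk-image mount by the same user is what narrows it toward the install-then-phish sequence the article describes. In production the same logic would run over real process events (for example from an EDR or Endpoint Security client) rather than the constructed lines here.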
 
Sounds like a great reason to only install from the App Store.
It's Apple behind this to prove why it's better to keep the App Store only for iOS and then do the same for the Mac!
Except Apple allows crapware onto their Mac App store too


not to mention all the junk on their iOS App store
 
That's ok, macOS only has 7% global marketshare anyway. Even though it's a great OS and Apple's best product, for some stupid reason people flock to iPhones instead.
 
Just be smart people. Generally, reliable software sellers are going to take care NOT to infect their customer's Macs with this kind of thing. That's very bad for THEIR business.

Shakier/shadier sources of software up the chances of picking something like this up.

Choose wisely.
Thank you. I've been buying and using indie software for years. Use a little common sense and download things straight from the developer, and don't try to install cracked stuff off of shady websites.

Apple would LOVE for the big takeaway from this to be that people should only buy Mac software through a system that nets them 20% off the top of every purchase, with subscriptions strongly encouraged....
 
This is the reason why Apple needs to step up and improve the Mac App Store, cause it basically was served DOA on the Mac.
 
I just went down a rabbit hole from that link. Very interesting!

About $100-150 million worth of these tokens being stolen or scammed every month.

There is also a draining operation happening right now that is emptying old Bitcoin and Ether wallets that haven't been used for a long time and have never been connected to these browser wallets. Nobody knows who is doing it or how they are doing it, but my bet is that some machine learning AI and a big data center full of compute power is behind it. There are plenty of states with the resources to pull that off.
 