Security | 28.04.2023

MacOS information-stealing malware targets over 50 crypto wallets

A new information-stealing malware targeting MacOS is being distributed to cyber criminals through private Telegram channels for $1,000 (R18,350) a month, Bleeping Computer reports.

Known as “Atomic” or “AMOS”, buyers receive a DMG file containing a 64-bit Go-based malware that targets MacOS systems to steal keychain passwords, files, and the passwords, cookies, and credit cards stored in browsers.

It also targets more than 50 cryptocurrency extensions to steal credentials.

The malware seems somewhat advanced — criminals who buy it get access to a ready-to-use web panel to manage victims, a MetaMask brute-forcer, a cryptocurrency checker, and a DMG installer. They can also receive stolen logs on Telegram.

The project appears to be actively developed, with Trellix and Cyble Labs researchers noting that the author released a new malware version on 25 April 2023.

Bleeping Computer notes that the DMG file goes largely unnoticed on VirusTotal, with only one of 59 antivirus engines flagging the file.

The malware has a comprehensive set of data-stealing features. When the malicious DMG file is executed, it presents a fake password prompt to obtain the system password.

It then attempts to access the MacOS keychain password. The keychain is the built-in password manager that keeps Wi-Fi passwords, website logins, and credit card data.

The Atomic Stealer malware proceeds to extract information from software running on the infected machine, including:

  • Desktop cryptocurrency wallets — Electrum, Binance, Exodus, Atomic.
  • Cryptocurrency wallet extensions — 50 extensions targeted in total.
  • Web browser data — auto-fill information, passwords, cookies, and credit cards from multiple browsers.
  • System information — model identifiers, hardware UUID, RAM size, core count, serial number, etc.
