{"id":489353,"date":"2023-04-28T11:58:52","date_gmt":"2023-04-28T09:58:52","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=489353"},"modified":"2023-04-28T12:04:45","modified_gmt":"2023-04-28T10:04:45","slug":"macos-information-stealing-malware-targets-over-50-crypto-wallets","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/489353-macos-information-stealing-malware-targets-over-50-crypto-wallets.html","title":{"rendered":"MacOS information-stealing malware targets over 50 crypto wallets"},"content":{"rendered":"<p>A new information-stealing malware targeting MacOS is being distributed to cyber criminals through private Telegram channels for $1,000 (R18,350) a month, Bleeping Computer <strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-atomic-macos-info-stealing-malware-targets-50-crypto-wallets\/\" target=\"_blank\" rel=\"noopener\">reports<\/a><\/strong>.<\/p>\n<p>Buyers of the malware, known as &#8220;Atomic&#8221; or &#8220;AMOS&#8221;, receive a DMG file containing a 64-bit Go-based malware that targets MacOS systems to steal keychain passwords, files, passwords, cookies, and credit cards stored in browsers.<\/p>\n<p>It also targets more than 50 cryptocurrency extensions to steal credentials.<\/p>\n<p>The malware seems somewhat advanced \u2014 criminals who buy it get access to a ready-to-use web panel to manage victims, a MetaMask brute-forcer, a cryptocurrency checker, and a DMG installer. They can also receive stolen logs on Telegram.<\/p>\n<p>The project appears to be actively developed, with Trellix and Cyble Labs researchers noting that the author released a new malware version on 25 April 2023.<\/p>\n<p>Bleeping Computer notes that the DMG file goes largely unnoticed on VirusTotal, with only one of 59 antivirus engines flagging the file.<\/p>\n<p>It has a comprehensive set of data-stealing features. 
When the malicious DMG file is executed, it presents a fake password prompt to obtain the system password.<\/p>\n<p>It then attempts to access the password for MacOS&#8217; Keychain \u2014 the built-in password manager that keeps Wi-Fi passwords, website logins, and credit card data.<\/p>\n<p>The Atomic Stealer malware proceeds to extract information from software running on the infected machine, including:<\/p>\n<ul>\n<li><strong>Desktop cryptocurrency wallets<\/strong> \u2014 Electrum, Binance, Exodus, Atomic.<\/li>\n<li><strong>Cryptocurrency wallet extensions<\/strong> \u2014 50 extensions targeted in total.<\/li>\n<li><strong>Web browser data<\/strong> \u2014 auto-fill information, passwords, cookies, and credit cards from multiple browsers.<\/li>\n<li><strong>System information<\/strong> \u2014 model identifiers, hardware UUID, RAM size, core count, serial number, etc.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The malware is distributed through private Telegram channels for $1,000 a 
month.<\/p>\n","protected":false},"author":341076,"featured_media":487973,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[85867,85869,85865,49375,76454,46153,50833,36626],"class_list":["post-489353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-amos","tag-atomic","tag-atomic-stealer","tag-binance","tag-cryptocurrency-hack","tag-electrum","tag-exodus","tag-macos"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/489353"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=489353"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/489353\/revisions"}],"predecessor-version":[{"id":489369,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/489353\/revisions\/489369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/487973"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=489353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=489353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=489353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}