Hackers selling new malware on Telegram that targets macOS users
San Francisco, May 1: Threat actors are selling a new malware called — Atomic macOS Stealer (AMOS) on the Telegram channel to target macOS platforms, which is capable of extracting autofill information, passwords, wallets, and more.
According to Cyble Research and Intelligence Labs (CRIL), the Atomic macOS Stealer malware is specifically designed to target macOS and can steal sensitive information from the victim’s machine.
The researchers have recently discovered a Telegram channel advertising this new information-stealing malware.
Moreover, the report said that the hacker behind this stealer is constantly improving this malware and adding new capabilities to make it more effective.
The malware’s most recent update was seen in a Telegram post on April 25, highlighting its latest features.
According to the report, the Atomic macOS Stealer can steal various types of information from the victim’s machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.
In addition, the malware is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.
The threat actor also offers additional services such as a web panel for managing victims, meta mask brute-forcing to steal seed and private keys, a crypto checker, and a dmg installer, after which the logs are shared via Telegram.
These services are available for $1,000 per month.
However, the report mentioned that macOS users can protect their systems from AMOS malware by installing a .dmg file on their machines.
After installing, users will need to authenticate the installation with a user password with a fake system dialog box following installation.
Once installed, it will scan for sensitive information, which it will steal with the system password if necessary, and send to a remote server.