New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets
Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer on Telegram for $1,000 per month, joining the likes of MacStealer.
"The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers said in a technical report.
The Atomic stealer artifact, submitted to VirusTotal on April 24, 2023, also bears the name "Notion-7.0.6.dmg," suggesting that it's being propagated as the popular note-taking app.
"Malware such as the Atomic macOS Stealer could be installed by exploiting vulnerabilities or hosting on phishing websites," Cyble noted.
Atomic then proceeds to harvest system metadata, files, iCloud Keychain, as well as information stored in web browsers and crypto wallet extensions, all of which are compressed into a ZIP archive and sent to a remote server.
The development is another sign that macOS is increasingly becoming a lucrative target for stealer malware, not only for nation-state hacking groups, making it imperative that users only download and install software from trusted sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via emails or SMS messages.
News URL
https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html