New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets
Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer on Telegram for $1,000 per month, joining the likes of MacStealer.
"The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers said in a technical report.
The Atomic stealer artifact, submitted to VirusTotal on April 24, 2023, also bears the name "Notion-7.0.6.dmg," suggesting that it's being propagated as the popular note-taking app.
"Malware such as the Atomic macOS Stealer could be installed by exploiting vulnerabilities or hosting on phishing websites," Cyble noted.
Atomic then proceeds to harvest system metadata, files, iCloud Keychain, as well as information stored in web browsers and crypto wallet extensions, all of which are compressed into a ZIP archive and sent to a remote server.
The development is another sign that macOS is increasingly becoming a lucrative target for deploying stealer malware, for actors beyond nation-state hacking groups, making it imperative that users only download and install software from trusted sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via emails or SMS messages.
News URL
https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (source)
- Crypto-stealing malware campaign infects 28,000 people (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (source)