New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer on Telegram for $1,000 per month, joining the likes of MacStealer.
"The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers said in a technical report.
The Atomic stealer artifact, submitted to VirusTotal on April 24, 2023, also bears the name "Notion-7.0.6.dmg," suggesting that it's being propagated as the popular note-taking app.
"Malware such as the Atomic macOS Stealer could be installed by exploiting vulnerabilities or hosting on phishing websites," Cyble noted.
Atomic then proceeds to harvest system metadata, files, iCloud Keychain, as well as information stored in web browsers and crypto wallet extensions, all of which are compressed into a ZIP archive and sent to a remote server.
The development is another sign that macOS is becoming an increasingly lucrative target for stealer malware, not only for nation-state hacking groups. That makes it imperative that users download and install software only from trusted sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via email or SMS.
News URL
https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html