macOS is generally regarded as a more secure operating system than Windows, thanks in part to Apple’s stringent control over installing third-party apps and other safety measures. However, a new report from Cyble Research & Intelligence Labs suggests otherwise, as threat actors are now selling a new malware called ‘Atomic’ or ‘AMOS’ through private Telegram channels for a monthly subscription of $1,000.
The report describes Atomic as a sophisticated malware packaged in a DMG file containing a 64-bit Go-based program. For that price, subscribers also get a comprehensive set of tools to steal information from the victim. These tools include a ready-to-use web panel for managing victims, a MetaMask brute-forcer, a cryptocurrency checker, a DMG installer, and the ability to receive stolen logs on Telegram.
How does the malware work?
Once installed and executed, the malware displays a fake password prompt on the victim’s Mac to obtain the system password and gain privileges on the machine. It then extracts the Keychain password and proceeds to steal data from cryptocurrency wallets, wallet extensions and web browsers, along with system information and files stored on the Desktop. After gathering all the information, the malware zips the stolen data and sends it to the threat actor’s command and control server.
To make matters worse, many antivirus engines did not flag Atomic as malware, which underlines the need for improved detection methods for macOS malware. The threat actors are also updating the malware regularly to evade detection.
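Because the chain described above is behavioural, a detection can correlate what a single process does instead of relying on file signatures. The following is an added example, not code from the Cyble report or this article: the event schema, action names, thresholds and sample telemetry are assumptions constructed for illustration.

```python
from collections import defaultdict

# (stage, action, target substring); action names are a hypothetical EDR schema.
RULES = [
    ("password_prompt", "password_dialog", ""),
    ("keychain_read", "file_read", "/Library/Keychains/"),
    ("data_collection", "file_read", "/Library/Application Support/Google/Chrome/"),
    ("data_collection", "file_read", "/Desktop/"),
    ("archive_create", "file_write", ".zip"),
    ("outbound_upload", "net_send", ""),
]
STAGES = list(dict.fromkeys(stage for stage, _, _ in RULES))  # chain order
WINDOW_SECONDS = 300  # assumed correlation window
MIN_STAGES = 4        # assumed alert threshold

def classify(action, target):
    """Return the stage index for one event, or None if no rule matches."""
    return next((STAGES.index(s) for s, a, needle in RULES
                 if action == a and needle in target), None)

def longest_chain(stage_indexes):
    """Length of the longest subsequence of stages that appears in chain order."""
    best = [0] * len(STAGES)  # best[k]: longest ordered chain ending at stage k
    for k in stage_indexes:
        best[k] = max(best[k], 1 + max(best[:k], default=0))
    return max(best)

def detect(events):
    """Return {pid: chain length} for pids reaching MIN_STAGES within the window."""
    per_pid = defaultdict(list)
    for ts, pid, action, target in sorted(events):
        k = classify(action, target)
        if k is not None:
            per_pid[pid].append((ts, k))
    alerts = {}
    for pid, hits in per_pid.items():
        n = max(longest_chain(k for ts, k in hits if 0 <= ts - t0 <= WINDOW_SECONDS)
                for t0, _ in hits)
        if n >= MIN_STAGES:
            alerts[pid] = n
    return alerts

# Constructed telemetry (ts, pid, action, target): pid 412 walks the chain, pid 77 is a browser.
SAMPLE = [
    (0, 412, "password_dialog", ""), (5, 412, "file_read", "/Users/a/Library/Keychains/login.keychain-db"),
    (9, 412, "file_read", "/Users/a/Desktop/notes.txt"), (20, 412, "file_write", "/tmp/out.zip"),
    (22, 412, "net_send", "203.0.113.10:443"), (4, 77, "net_send", "203.0.113.20:443"),
    (3, 77, "file_read", "/Users/a/Library/Application Support/Google/Chrome/Default/Login Data"),
]
```

Calling `detect(SAMPLE)` flags only pid 412; the browser touches two stages and stays below the threshold, and the same stages spread over an hour fall outside the window.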
How to stay protected?
To keep your Mac protected from malware, it is essential to take some precautions, including not downloading apps or software from third-party app stores, using strong passwords and 2FA, enabling biometric security features such as Touch ID, not opening suspicious links in emails, keeping devices up to date, and using good antivirus software. As macOS gains popularity, it is more important than ever for users to stay vigilant.