Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware

Home/BOTNET, Evilproxy, Exploitation, infostealer, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update/Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware

Alert for Mac Users: A Malvertising Campaign spreads Atomic Stealer macOS Malware

A fresh malvertising campaign has come to light, disseminating an updated variant of macOS stealer malware known as Atomic Stealer (AMOS). This discovery suggests active maintenance by its author.

Atomic Stealer macOS Malware

Atomic Stealer, an off-the-shelf Golang malware priced at $1,000 per month, initially surfaced in April 2023. Shortly thereafter, new iterations with enhanced information-gathering capabilities emerged in the wild, with a focus on gamers and cryptocurrency enthusiasts.

Malvertising through Google Ads has emerged as the leading distribution method, with users seeking popular software, whether legitimate or cracked, on search engines encountering deceptive ads that redirect them to websites hosting unauthorized installers.

The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems.

The macOS payload, labeled “TradingView.dmg,” is a recent iteration of Atomic Stealer introduced at the end of June.

It is concealed within an ad-hoc signed application that, when activated, tricks users into entering their password through a fake prompt, subsequently collecting files and data from iCloud Keychain and web browsers.

“Atomic Stealer, as reported by SentinelOne in May 2023, not only targets Chrome and Firefox browsers but also maintains an extensive hardcoded list of crypto-related browser extensions for exploitation. Additionally, certain variants have been observed targeting Coinomi wallets.”

The attacker’s primary objective is to circumvent macOS Gatekeeper protections and transmit the pilfered data to a server they control.

This development coincides with macOS becoming an increasingly attractive target for malware attacks. In recent months, numerous macOS-specific information stealers have surfaced in crimeware forums, exploiting the prevalence of Apple systems in various organizations.

“While Mac malware is a reality, it often goes undetected compared to Windows malware,” noted Segura, adding that the AMOS developer emphasized its toolkit’s ability to evade detection.

Atomic Stealer is not the sole malware distributed through malvertising and SEO poisoning campaigns; there’s evidence of DarkGate (also known as MehCrypter) leveraging the same delivery method.

Indicators of Compromise







About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!