New Mac Malware Campaign Targets Users for Data Theft

Security experts are warning Mac users about a new threat targeting their data. Researchers from Malwarebytes have uncovered a campaign distributing an updated version of the notorious Atomic Stealer malware, also known as AMOS. Initially focused on macOS, this infostealer has evolved to target more operating systems and steal a wider range of data.

In this latest campaign, threat actors distribute AMOS through various means, including fake software cracks, loaders, key generators, and by impersonating popular software manufacturers and tech companies. Malicious ads on Google, likely paid for with compromised accounts, lead unsuspecting victims to landing pages that convincingly impersonate major tech brands, tricking users into downloading the malware.

To get past Gatekeeper, Apple's built-in security feature, the downloaded file comes with instructions telling the victim how to open it. Notably, the malware is bundled within an ad-hoc signed app. An ad-hoc signature involves no Apple-issued developer certificate, so there is nothing for Apple to revoke.


Once executed, AMOS immediately steals data and transmits it to the attackers’ command-and-control servers. The stolen data includes passwords, autofills, user information, wallets, browser cookies, and keychain data.

Mac malware, while less prevalent than its Windows counterparts, poses a serious threat. The developers of AMOS have marketed its ability to evade detection as a selling point. To protect against such threats, experts recommend users carefully verify the origins of any downloaded programs and scrutinize the website source. Additionally, running an antivirus with real-time protection can help block malware before it can steal valuable data.
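One way to check the ad-hoc signing described above before opening a download: the shell function below is an added example, not from the article or from Malwarebytes, and classifies the text printed by macOS's `codesign -dv --verbose=4`. The function name `classify_signature` is hypothetical, and the sample outputs, bundle names and team ID are constructed.

```shell
#!/bin/sh
# Reads `codesign -dv --verbose=4` output on stdin and prints one of:
#   unsigned | adhoc | developer-id:<TeamID> | other
# On macOS (codesign writes this report to stderr):
#   codesign -dv --verbose=4 /path/to/Some.app 2>&1 | classify_signature
classify_signature() {
    out=$(cat)
    case "$out" in
        *"code object is not signed at all"*) echo unsigned; return ;;
    esac
    # Ad-hoc signatures have no certificate chain: codesign reports
    # Signature=adhoc and prints no Authority= lines.
    if printf '%s\n' "$out" | grep -q '^Signature=adhoc$'; then
        echo adhoc; return
    fi
    # Developer ID signatures name the signer and carry a team identifier
    # that can be compared with the vendor the download claims to come from.
    if printf '%s\n' "$out" | grep -q '^Authority=Developer ID Application: '; then
        team=$(printf '%s\n' "$out" | sed -n 's/^TeamIdentifier=//p')
        echo "developer-id:$team"; return
    fi
    echo other
}

# Constructed sample outputs (not captured from real malware or real vendors).
SAMPLE_ADHOC='Executable=/Volumes/Installer/Example.app/Contents/MacOS/Example
Identifier=com.example.installer
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=8+3 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none'

SAMPLE_DEVID='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

SAMPLE_UNSIGNED='/Volumes/Installer/Example.app: code object is not signed at all'

for s in "$SAMPLE_ADHOC" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED"; do
    printf '%s\n' "$s" | classify_signature
done
```

An `adhoc` or `unsigned` result on a download that claims to come from a well-known vendor is a reason not to open it.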

Staying vigilant and adopting robust cybersecurity practices are essential in safeguarding against evolving threats like AMOS.