According to a new report by Cyble Research and Intelligence Labs (CRIL), hackers have created new malware that targets macOS and steals important, private information, such as keychain and macOS user account passwords, system information, and files on the Desktop and Documents folder.
Dubbed Atomic macOS Stealer (AMOS), the malware also targets browsers and looks for information such as user names, passwords, credit card numbers, cookies, and more. CRIL’s research also found that AMOS specifically targets crypto wallets by Atomic, Binance, Coinomi, Electrum, Exodus, and others.
“The [threat actor] behind this stealer is constantly improving this malware and adding new capabilities to make it more effective,” according to CRIL, which found AMOS on Telegram, a service that offers private massaging channels. In one of these channels, the creators of AMOS advertised their malware for $1,000 per month. If one were to enlist AMOS, they would have access to the malware, as well as “a web panel for managing victims, meta mask brute-forcing for stealing seed and private keys, crypto checker, and dmg installer, after which it shares the logs via Telegram.”
AMOS is spread through unsigned disk image files (.dmg), which are common when downloading new apps. When the user opens the .dmg, they are asked to enter the user password for their Mac, which then triggers the malware. The .dmg file can have file names that look legitimate–instances of false disk images labeled “Notion-7.0.6.dmg”, “Photoshop CC 2023.dmg”, and “Tor Browser.dmg” have been reported on VirusTotal, a website that analyzes suspicious files and tracks them in a database.
The CRIL report follows a report last week by MalwareHunterTeam, which discovered that a collective known as LockBit is working on ransomware encryptors that attack macOS. As Wired pointed out in its reporting of LockBit, threat actors are beginning to target Macs more frequently in an effort to find new victims.
Apple has protections in place within macOS and the company releases security patches through OS updates, so it’s important to install them as soon as possible. And as always, when downloading software, get it from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
Author: Roman Loyola, Senior Editor
Roman has covered technology since the early 1990s. His career started at MacUser, and he's worked for MacAddict, Mac|Life, and TechTV.