Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities.
“It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,” Malwarebytes’ Jérôme Segura said in a Wednesday report.
Atomic Stealer first emerged in April 2023 for a monthly subscription of $1,000. It’s capable of harvesting sensitive information from a compromised host, including Keychain passwords, session cookies, files, crypto wallets, system metadata, and the machine’s password via a fake prompt.
Over the past several months, the malware has been observed propagated via malvertising and compromised sites under the guise of legitimate software and web browser updates.
Malwarebytes’ latest analysis shows that Atomic Stealer is now being sold for a hefty $3,000/month rental fee, with the actors running a promotion coinciding with Christmas, offering the malware for a discounted price of $2,000.
Besides incorporating encryption to thwart detection by security software, campaigns distributing Atomic Stealer have undergone a slight shift, wherein Google search ads impersonating Slack are used as conduits to deploy Atomic Stealer or a malware loader called EugenLoader (aka FakeBat) depending on the operating system.
It’s worth noting that a malvertising campaign spotted in September 2023 leveraged a fraudulent site for the TradingView charting platform to deliver NetSupport RAT, if visited from Windows, and Atomic Stealer, if the operating system is macOS.
The rogue Slack disk image (DMG) file, upon opening, prompts the victim to enter their system password, thereby allowing threat actors to gather sensitive information that are access-restricted. Another crucial aspect of the new version is the use of obfuscation to conceal the command-and-control server that receives the stolen information.
“As stealers continue to be a top threat for Mac users, it is important to download software from trusted locations,” Segura said. “Malicious ads and decoy sites can be very misleading though and it only takes a single mistake (entering your password) for the malware to collect and exfiltrate your data.”
________________________________________________
🚀 Dominate the Digital World with the Best Hosting in Argentina! 🚀
At Full Tech Solutions, we provide high-performance Cloud Hosting, perfect for entrepreneurs, businesses, and developers who need speed, security, and expert support.
✨ Lightning-Fast Speed: Your website will load in the blink of an eye.
🔒 Top-Notch Security: Advanced protection for your data and peace of mind for your business.
📞 24/7 Support: Our team of experts is always ready to help you.
Don’t just choose any hosting. Choose the best with Full Tech Solutions and stand out from the crowd.
🌐 Boost your online presence with Argentina’s most reliable hosting!
