
Hackers are selling new malware on Telegram that targets macOS users

Threat actors are selling a new malware called Atomic macOS Stealer (AMOS) for macOS platforms on a Telegram channel. The malware is capable of extracting autofill information, passwords, wallets and more.

According to Cyble Research and Intelligence Labs (CRIL), the Atomic macOS Stealer malware is specifically designed to target macOS and can steal sensitive data from a victim’s machine.

Researchers have recently discovered a Telegram channel promoting this new data-stealing malware.

Also, according to the report, the threat actor behind this stealer is constantly improving the malware and adding new features to make it more powerful.

The malware’s latest update was seen in a Telegram message on April 25, highlighting its latest features.

According to the report, Atomic macOS Stealer can steal a variety of information from the victim’s machine, including keychain passwords, full system information, files from the desktop and documents folder, and even macOS passwords.

Additionally, the malware is designed to target multiple browsers and can extract autofills, passwords, cookies, wallet and credit card information. More specifically, AMOS can target crypto wallets such as Electrum, Binance, Exodus, Atomic and Coinomi.

The threat actor also offers additional services such as a web panel for victim management, MetaMask brute forcing to steal seed and private keys, a crypto checker, and a DMG installer, after which the logs are shared via Telegram.

These services are available for $1,000 per month.

However, the report mentioned that macOS systems are infected with AMOS when the user installs the malicious .dmg file on their machine.

After installation, the user is asked to authenticate the installation with their password through a fake system dialog.

Once installed, the malware searches for sensitive data, which it steals, using the system password if necessary, and sends to a remote server.
