'MacOS Stealer' malware can steal iCloud passwords, credit cards, and crypto wallets

Malicious actors are currently marketing a new malware dubbed "Atomic macOS Stealer" as a service, which could pose an even greater threat.

This year, several reports have been released regarding the state of malware affecting Macs. One such report came from Malwarebytes, which analyzed the current state of malware on macOS. Another report from Elastic Security Labs showed that only 6% of all malware affects Macs, but despite this relatively low number, threat actors are actively designing malware specifically for macOS. It is important for Mac users to stay vigilant and take necessary precautions to prevent becoming a victim of such attacks.

Earlier this year, Mac users were hit with the MacStealer malware, which was a powerful threat to the security of macOS. However, it was less of a risk overall as macOS Gatekeeper was expected to block its installation. However, a new macOS Stealer malware called Atomic macOS Stealer (AMOS) was recently discovered by Cyble Research & Intelligence Labs, which is being advertised for sale on Telegram. The threat actor marketing the malware is regularly updating it and charging a monthly fee of $1,000.

AMOS is a particularly concerning piece of malware as it has the capability to compromise a long list of items on a Mac. This includes iCloud Keychain passwords, the macOS system password, cookies, passwords, and credit card details from popular web browsers like Chrome, Firefox, Brave, Edge, Opera, and many more. Additionally, it can also compromise crypto wallets such as Atomic, Binance, Exodus, Electrum, MetaMask, and others. The seller of the malware offers a web panel, Brute MetaMask tool, logs in Telegram with notifications, and other features to buyers.

Notably, Cyble didn't mention macOS Gatekeeper as offering protection for the new AMOS in its technical analysis, so it could prove to be more dangerous than MacStealer. This underscores the importance of staying vigilant and taking precautions against malware attacks.

To protect against AMOS and other malware, Cyble recommends downloading and installing software only from the official Apple App Store, using reputable antivirus and internet security software packages, enforcing multi-factor authentication wherever possible, using strong passwords, enabling biometric security features like fingerprint or facial recognition to unlock the device, being wary of opening any links received via emails, being careful while enabling any permissions, and keeping your devices, operating systems, and applications updated.

If you're concerned that your Mac may be infected with malware, you can check it for free using the Malwarebytes app. The app is designed to identify and remove any malware or adware that may be lurking on your system, helping to keep you and your data safe.