New macOS Malware ‘Atomic’ for Sale to Cybercriminals for $1,000 a Month

by | Apr 28, 2023 | News

Premium Content

Patreon
Subscribe to Patreon to watch this episode.
Reading Time: 3 Minutes

New ‘Atomic’ Malware Targets macOS Users for Information Theft and Cryptocurrency Fraud

A new strain of macOS malware is currently being offered for sale to cybercriminals via private Telegram channels. Named ‘Atomic’ aka ‘AMOS’, this malicious software is reportedly fetching a subscription of $1,000 per month from buyers interested in its information-stealing capabilities.

The Atomic malware arrives in the form of a DMG file containing a 64-bit Go-based application designed to target macOS systems. It is specifically intended to steal sensitive data from infected machines, including keychain passwords, files from the local filesystem, and various login credentials such as passwords, cookies, and credit card information that is stored in browsers.

Of particular note, the Atomic malware is designed to target over 50 different cryptocurrency extensions, making it a significant threat to cryptocurrency investors and traders. However, this is not the only data that it steals, as the malware is also capable of retrieving system information, model names, hardware UUIDs, RAM sizes, and serial numbers, among other sensitive data points.

Atomic's web panelAtomic’s web panel (Cyble)

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

Atomic Malware for Sale on Telegram, Offers Comprehensive Data Theft Capabilities

Latest version of the malware promoted on TelegramLatest version of the malware promoted on Telegram (Cyble)

For the price, cybercriminals can also access a ready-to-use web panel for easy victim management, a MetaMask brute-forcer, a cryptocurrency checker, a dmg installer, and the ability to receive stolen logs via Telegram. The Atomic Stealer provides a comprehensive array of data-theft features, offering its operators enhanced opportunities to penetrate deeper into the target system.

Extracting the Keychain passwordExtracting the Keychain password (Cyble)

Although macOS is not typically at the epicenter of malicious info-stealer activity, like Windows, it is increasingly being targeted by threat actors of all skill levels. North Korean APT groups recently deployed a novel macOS info-stealer in the 3CX supply chain attack, illustrating that Macs are now a target for even state-sponsored hacking groups.

The Atomic malware was recently spotted by security researchers at Trellix and Cyble labs, who analyzed a sample of the malware and reported that the author released a new version on April 25, 2023, indicating that this is an actively developed project.

Exfiltrating the stolen dataExfiltrating the stolen data (Cyble)

Only one out of 59 AV engines flag Atomic on VirusTotal 

At the time of writing, the malicious dmg file goes largely undetected on VirusTotal, where only one out of 59 AV engines flag it as malicious.
Buyers of the malware are responsible for setting up their own channels, which may include phishing emails, malvertizing, social media posts, instant messages, black SEO, laced torrents, and more.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This