Crypto wallets are being hit by a new Mac infostealer


Security experts have raised warnings about a new piece of malware that targets MacOS devices to steal sensitive information including saved passwords, credit card numbers and data from over 50 cryptocurrency browser extensions.

Dubbed 'Atomic' - also known as 'AMOS' - the threat is being sold for $1,000 per month on the infamous encrypted messaging app Telegram, which has a reputation as a platform for sharing illicit material and content.

It comes with several features that make it easier for threat actors to carry out their crimes, such as a web panel to help them manage their victims, a MetaMask brute-forcer, a cryptocurrency checker, a dmg installer, and the ability to receive stolen logs on Telegram.

Undetectable

Researchers at both Trellix and Cyble labs have been tracking the malware, and found that the latest version was released on April 25, suggesting that development and updates are ongoing.

What's more, the tool is proving hard to detect, with under 2% of antivirus software flagging the dmg file as malicious. 

Threat actors can infect users with the malware via the usual methods, such as phishing emails, social media posts, malvertising campaigns, bad torrents and the like. 

When the victim opens the dmg file, they are shown a fake prompt asking for their device's master password; the malware captures this password and uses it to gain entry. It then tries to steal user information saved in Keychain, Apple's proprietary password manager.

It then tries to steal information from software installed on the system, such as desktop cryptocurrency wallets from the likes of Electrum, Binance, Exodus, and Atomic, as well as 50 other wallet extensions including Trust Wallet, Exodus Web3 Wallet, Jaxx Liberty, and BinanceChain.

Web browser data is also extracted, such as passwords and payment cards saved on Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, and Vivaldi. System information such as model name, serial numbers, hardware UUID, RAM size and core count is also scoured.

Atomic can also steal files directly from directories such as the Desktop and Documents folders. To do this, however, the malware has to request permission from the system, and the user is notified of that request, which may give them an opportunity to spot the infection.
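One defensive check that follows from the permission point above, added here as an example and not taken from the article or the researchers it cites: audit which apps have been granted access to the Desktop and Documents folders by querying the macOS TCC (privacy permissions) database. The script builds a constructed, simplified copy of the TCC `access` table in memory so it runs offline; on a real Mac it would be pointed at the user's `TCC.db` (path and the `KNOWN_GOOD` allow-list are assumptions).

```python
import sqlite3

# TCC service identifiers for the two folders the article mentions.
FOLDER_SERVICES = {
    "kTCCServiceSystemPolicyDesktopFolder": "Desktop",
    "kTCCServiceSystemPolicyDocumentsFolder": "Documents",
}
AUTH_ALLOWED = 2  # auth_value meaning "allowed" in recent macOS versions (assumed)

# Bundle identifiers an organisation has vetted (assumed allow-list).
KNOWN_GOOD = {"com.apple.Terminal", "com.microsoft.VSCode"}


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for TCC.db with a reduced 'access' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, "
        "auth_value INTEGER, last_modified INTEGER)"
    )
    rows = [
        ("kTCCServiceSystemPolicyDesktopFolder", "com.apple.Terminal", 0, 2, 1682000000),
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.microsoft.VSCode", 0, 2, 1682000100),
        # Constructed: an unvetted app granted both folders shortly after a dmg was opened.
        ("kTCCServiceSystemPolicyDesktopFolder", "com.example.UnknownHelper", 0, 2, 1682400000),
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.example.UnknownHelper", 0, 2, 1682400001),
        # Constructed: a denied request is not a grant, so it is not reported.
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.example.Denied", 0, 0, 1682400002),
    ]
    conn.executemany("INSERT INTO access VALUES (?,?,?,?,?)", rows)
    return conn


def folder_grants(conn: sqlite3.Connection) -> dict:
    """Map each client that is allowed Desktop/Documents access to the folders it holds."""
    q = "SELECT client, service FROM access WHERE auth_value = ? AND service IN (?, ?)"
    grants = {}
    for client, service in conn.execute(q, (AUTH_ALLOWED, *FOLDER_SERVICES)):
        grants.setdefault(client, set()).add(FOLDER_SERVICES[service])
    return grants


def suspicious_clients(conn: sqlite3.Connection, allowlist=KNOWN_GOOD) -> dict:
    """Grants held by clients outside the allow-list; review these first."""
    return {c: f for c, f in folder_grants(conn).items() if c not in allowlist}


if __name__ == "__main__":
    for client, folders in suspicious_clients(build_sample_db()).items():
        print(f"review: {client} has access to {sorted(folders)}")
```

Reading the real per-user TCC.db requires the querying tool itself to hold Full Disk Access, so this is best run from an endpoint management agent that already has that grant.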

The stolen data is compressed into a zip file and sent to the command and control server of the threat actor, which, interestingly, has the same IP address as that used by the Raccoon Stealer, suggesting a link between the two. 

Apple devices aren't usually targeted as much with malware as Windows machines, but it appears this is beginning to change, as a recent report has claimed that such threats are on the rise.

Lewis Maddison
Reviews Writer