Malvertising Campaign Spreads Atomic Stealer macOS Malware

Sep 07, 2023THNMalvertising / Endpoint Security

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author.

An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering features were detected in the wild, targeting gamers and cryptocurrency users.

Malvertising via Google Ads has been observed as the primary distribution vector: users searching for popular software, legitimate or cracked, on search engines are shown bogus ads that direct them to websites hosting rogue installers.

The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems.

“Both the Windows and Linux buttons point to an MSIX installer hosted on Discord that drops NetSupport RAT,” Jérôme Segura, director of threat intelligence at Malwarebytes, said.

The macOS payload (“TradingView.dmg”) is a new version of Atomic Stealer released at the end of June. It is bundled in an ad-hoc signed app that, once executed, prompts users to enter their password in a fake prompt and harvests files as well as data stored in iCloud Keychain and web browsers.
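
A defender-side triage check for the ad-hoc signing described above, added here as an example (not code from the article or from Malwarebytes): it classifies `codesign -dv` output so that ad-hoc signed or unsigned apps on a mounted disk image stand out. The sample outputs, app names and team ID are constructed.

```shell
#!/bin/sh
# Added example. Classifies the text printed by `codesign -dv --verbose=2 APP`
# (read on stdin) as: unsigned | adhoc | developer-id | other
classify_signature() {
  out=$(cat)
  if printf '%s\n' "$out" | grep -q 'code object is not signed at all'; then
    echo unsigned
  elif printf '%s\n' "$out" |
       grep -Eq '^Signature=adhoc$|flags=0x[0-9a-fA-F]+\([^)]*adhoc'; then
    # A code directory exists, but no certificate chain vouches for the author.
    echo adhoc
  elif printf '%s\n' "$out" | grep -q '^Authority=Developer ID Application: '; then
    echo developer-id
  else
    echo other
  fi
}

# Constructed sample outputs (assumed names and values, not from the campaign).
SAMPLE_ADHOC='Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=Example-5555494412345678
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set'
SAMPLE_DEVID='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=4321 flags=0x10000(runtime) hashes=120+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
SAMPLE_UNSIGNED='/Volumes/Example/Tool.app: code object is not signed at all'

# List each .app at the top level of a directory (e.g. a mounted disk image)
# with its signature class. codesign writes its report to stderr.
triage_dir() {
  for app in "$1"/*.app; do
    [ -d "$app" ] || continue
    class=$(codesign -dv --verbose=2 "$app" 2>&1 | classify_signature)
    printf '%s\t%s\n' "$class" "$app"
  done
}

# On a Mac: sh triage.sh /Volumes/MountedImage
if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
  triage_dir "$1"
fi
```

Ad-hoc signatures are also produced by local builds on Apple silicon, so treat `adhoc` on a downloaded app as a reason to investigate rather than a verdict.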

“Atomic stealer also targets both Chrome and Firefox browsers and has an extensive hardcoded list of crypto-related browser extensions to attack,” SentinelOne previously noted in May 2023. Select variants have also targeted Coinomi wallets.

The ultimate goal of the attacker is to bypass Gatekeeper protections in macOS and exfiltrate the stolen information to a server under their control.

The development comes as macOS is increasingly becoming a viable target of malware attacks, with a number of macOS-specific info stealers appearing for sale in crimeware forums in recent months to take advantage of the wide availability of Apple systems in organizations.

“While Mac malware really does exist, it tends to be less detected than its Windows counterpart,” Segura said. “The developer or seller for AMOS actually made it a selling point that their toolkit is capable of evading detection.”

Atomic Stealer is not the only malware propagated via malvertising and search engine optimization (SEO) poisoning campaigns, as evidence has emerged of DarkGate (aka MehCrypter) latching onto the same delivery mechanism.

New versions of DarkGate have since been employed in attacks mounted by threat actors employing tactics similar to those of Scattered Spider, Aon’s Stroz Friedberg Incident Response Services said last month.
