Atomic macOS Stealer Takes Data from 50 Cryptocurrency Wallets

Written by William Reddy

Cyble analysts noticed that the attackers are advertising a new Atomic macOS Stealer (AMOS) infostealer, which, as the name implies, is focused on macOS.

Let me remind you that we also reported that Aurora Stealer Is Gaining Popularity among Hackers.

Atomic macOS Stealer is distributed via Telegram and costs $1,000 per month to subscribe.

[Image: Stealer ad]

For this price, buyers receive a DMG file (Setup.dmg) containing malware written in Go that is designed to steal passwords from the Keychain, files from the local file system, and passwords, cookies, and bank card data stored in browsers. In addition, AMOS tries to steal data from more than 50 cryptocurrency extensions and wallets, including Binance, Coinomi, Electrum, and Exodus.

Criminals get access to a web panel for convenient management of victims' data, the MetaMask brute-forcer, and the DMG installer, and can also receive stolen information directly through Telegram.

It is worth noting that at the time the researchers’ report was released, the malicious DMG file was detected by practically no security products on VirusTotal.

The distribution of Atomic is entirely up to its “customers” themselves, which means it can use phishing emails, malicious ads, social media posts, SMS, black hat SEO techniques, torrents, and more, Cyble analysts write.

When the malicious DMG file is executed, the malware displays a fake window for entering the system password, which allows its operators to gain elevated privileges on the victim’s system and proceed to collect data.

Interestingly, security experts from Trellix, who also studied this malware, noticed that the IP address associated with the Atomic C&C server and the assembly name overlap with Raccoon Stealer, which means that the same attackers may be behind these threats.

You might also be interested to know that Beta Version of Raccoon Stealer 2.0 Malware with Improved Features Is Available for Purchase, although the media wrote that US Authorities Announced the Arrest of a Ukrainian Who Developed Raccoon Malware.

About the author

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor.