According to a new report from Cyble Research and Intelligence Labs (CRIL), hackers have created new malware that targets macOS and steals important private data, such as passwords for keychains and macOS user accounts, system information, and files in the Desktop and Documents folder. .
Dubbed Atomic macOS Stealer (AMOS), the malware also targets browsers and looks for information such as usernames, passwords, credit card numbers, cookies, and more. CRIL’s research also found that AMOS is specifically targeting crypto wallets from Atomic, Binance, Coinomi, Electrum, Exodus, and others.
“The [threat actor] behind this thief, this malware is constantly improving and adding new capabilities to make it more effective,” said CRIL, who found AMOS on Telegram, a service that offers private massage channels. In one of these channels, the creators of AMOS advertised their malware for $1,000 a month. If someone were to enable AMOS, they would have access to the malware, as well as “a web panel for victim management, brute forcing metamasks for stealing seed and private keys, crypto checker and dmg installer, after which it logs the data via Telegram .”
AMOS is distributed via unsigned disk image (.dmg) files, which are common when downloading new apps. When the user opens the .dmg, it prompts them to enter the user password for their Mac, which activates the malware. The .dmg file may have file names that look legitimate. On VirusTotal, a website that analyzes suspicious files and tracks them in a database.
The CRIL report follows a report last week from MalwareHunterTeam, which found that a collective known as LockBit is working on ransomware encryptors that attack macOS. As Wired noted in its coverage of LockBit, threat actors are increasingly targeting Macs in an attempt to find new victims.
Apple has implemented protections within macOS, and the company releases security patches through OS updates, so it’s important to install them as soon as possible. When you download software, you should download it from trusted sources, such as the App Store (which performs security checks on the software) or directly from the developer. Macworld has several guides to help you, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.