Atomic Threat Alert: New Atomic Stealer Steals More, Hides Better
Cybersecurity researchers at Malwarebytes have identified an updated version of Atomic Stealer (AMOS), an information-stealing malware that targets macOS. The frequent updates indicate that its developers are actively refining the software’s functionality.
According to specialist Jerome Segura, Atomic Stealer was updated around the end of 2023. Its developers have added payload encryption to evade detection.
Atomic Stealer first emerged in April 2023 and was initially offered by subscription for $1,000 per month. It gathers confidential information from infected devices, including passwords, session cookies, cryptocurrency wallets, system metadata, and the device’s password.
In recent months, the spread of this malware has been observed through fraudulent advertising and compromised websites, masquerading as legitimate software and web browser updates.
Malwarebytes’ latest analysis reveals that Atomic Stealer malware is now being sold for $3,000 per month, with a recent Christmas promotion reducing the price to $2,000.
In addition to the encryption added to avoid detection, the distribution campaigns for Atomic Stealer have also evolved. Attackers are now using Google advertisements disguised as Slack, and Atomic Stealer often reaches victims’ computers via the malicious downloader EugenLoader.
In September 2023, researchers noticed a deceptive advertising campaign using a fake TradingView platform site to deliver the NetSupport RAT on Windows and Atomic Stealer on macOS.
A counterfeit Slack disk image (DMG) prompts the victim to enter their system password upon opening, enabling the attackers to harvest confidential information. A key feature of the new version is the use of obfuscation to conceal the command-and-control server that receives the stolen data.
Malwarebytes emphasizes that Mac users should download software only from reliable sources. However, fraudulent advertising and deceptive sites can mislead users, and even a single mistake, such as entering the system password, can lead to data theft and other unpleasant consequences.