Mac Users Beware: Threat Actor Offers New AMOS Stealer on Telegram for Sale
Mac Users Beware: Threat Actor Offers New AMOS Stealer on Telegram for Sale
New information-stealing and cryptocurrency theft malware Atomic macOS Stealer (AMOS) is being sold on Telegram to target macOS platforms. Researchers from Cyble Research and Intelligence Labs (CRIL), report on AMOS identifying new capabilities continuously being added to the malware to increase its potency with the latest update to AMOS announced on April 25th, 2023. "The Atomic macOS Stealer can steal various types of information from the victim’s machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. The stealer is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi," said CRIL.
When launched on the targeted system, a fake password prompt is opened to attempt to obtain the victim's system password and gain elevated privileges. The malware will then commence to extract passwords from Keychain, browser credentials, credit cards stored in the browser, system information and crypto wallet extensions. Data collected is zip and exfiltrated to the attacker's C2. These data theft capabilities are being offered for sale at the price of $1000. AMOS malware demonstrates an increase in cyber threats against the macOS platform. With its extensive range of capabilities, AMOS makes it easier for threat actors to distribute the malware through phishing emails and pages, thereby obtaining sensitive data from unsuspecting victims.