Malware That Targets macOS Being Advertised On Telegram Channel For $1000

A new macOS malware has been discovered that is capable of stealing sensitive information such as passwords and files and it was advertised on a Telegram channel for $1,000 per month. The macOS malware was found to be capable of extracting autofill information, passwords, wallets, cookies, credit card information, and more, according to researchers at Cyble Research and Intelligence Labs (CRIL).

Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware called Atomic macOS Stealer (AMOS). The malware is specifically designed to target macOS and can steal sensitive information from the victim’s machine.

"The TA behind this stealer is constantly improving this malware and adding new capabilities to make it more effective. The most recent update to the malware was highlighted in the Telegram post on April 25th, showcasing its latest features," Cyble wrote in a blog post.

"The TA also provides additional services such as a web panel for managing victims, meta mask brute-forcing for stealing seed and private keys, crypto checker, and dmg installer, after which it shares the logs via Telegram. These services are offered at a price of $1000 per month," Cyble added.

Moreover, the report said that the hacker behind this stealer is constantly improving this malware and adding new capabilities to make it more effective.

The malware's most recent update was seen in a Telegram post on April 25, highlighting its latest features.

According to the report, the Atomic macOS Stealer can steal various types of information from the victim's machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

In addition, the malware is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

The threat actor also offers additional services such as a web panel for managing victims, meta mask brute-forcing to steal seed and private keys, a crypto checker, and a dmg installer, after which the logs are shared via Telegram.

However, the report mentioned that macOS users can protect their systems from AMOS malware by installing a .dmg file on their machines. After installing, users will need to authenticate the installation with a user password with a fake system dialogue box following installation. Once installed, it will scan for sensitive information, which it will steal with the system password if necessary, and send to a remote server.