A new macOS malware capable of stealing your Keychain passwords
Security researchers have found a new cyber threat named Atomic macOS Stealer (AMOS).
The undetectable Golang-based stealer has emerged and baffled security vendors; it was detected by Cyble Research and Intelligence Lab (CRIL). The malware is sold on a Telegram channel for $1000 USD.
After installation, a malicious system dialog box prompts the user to authenticate with their password. Once installation is completed, the malware scans the system for sensitive information to steal and sends it to a remote server controlled by the threat actor.
In recent years, macOS has been the most secure operating system, but it has become a popular target for cybercriminals. Threat actors have previously targeted macOS with various malicious activities.
How does it work?
“The Atomic macOS Stealer can steal various information from the victim’s machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. The stealer is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target crypto wallets such as Electrum, Binance, Exodus, Atomic, and Coinomi,” said Cyble.
AMOS can steal data including passwords saved in the Keychain, system details, files from the Desktop and Documents folders, and even the macOS user password.
It is specifically designed to target popular browsers such as Firefox and Chrome. It can effortlessly extract auto-fills, passwords, cookies, wallets, and credit card information from these browsers.