Atomic macOS Stealer (Amos): A new Mac malware being sold via Telegram

Malware attacks on Apple’s Macs are less common than on Windows PCs, yet new Mac malware does emerge on occasion. Atomic, commonly referred to as Atomic macOS Stealer (AMOS), is a malicious application that has been targeting Mac OSes since April 2023. It is categorized as a stealer, a type of malware that takes information from infected systems and exfiltrates it.

Buyers of the malware receive a DMG file with a 64-bit Go-based malware programme designed to target macOS systems and steal keychain passwords, files from the local filesystem, passwords, cookies, and credit card information stored in browsers. Additionally, the malware tries to steal information from more than 50 cryptocurrency extensions, which have grown in popularity as a target.

A ready-to-use web panel for managing victims, a MetaMask brute-forcer, a crypto currency checker, a dmg installer, and the option to receive stolen logs on Telegram are all included in the $1,000 per month plan. Researchers who found this malware revealed that it was a project that was still in active development.

AMOS purchasers are responsible for establishing their own channels for distribution, which may employ a variety of strategies including phishing emails, malicious advertising, social media postings, instant chats, black SEO, laced torrents, and other techniques. Attackers can extensively infiltrate the target system thanks to the Atomic Stealer’s array of data-theft tools. The malware presents a fake password prompt to obtain the system password after the malicious dmg file has been executed, giving the attacker elevated privileges on the victim’s machine.

Following this initial penetration, the malware attempts to obtain the Keychain password of the macOS’ built-in password manager that stores WiFi passwords, online logins, credit card data, and other encrypted data. Atomic also gives operators the capability to steal files directly from the victim’s ‘Desktop’ and ‘Documents’ directories.

The Atomic macOS Stealer malware is specifically designed to target macOS users in a variety of industries, including Finance, Cryptocurrencies, and web browsers. The malware has been reported to target users in a number of countries, including the United States, Canada, the United Kingdom, and Australia.