Atomic macOS Stealer Malware Can Steal Keychain Info, Files, Browser Wallets and More

While Apple's Macs are less targeted by malware than Windows PCs, concerning Mac malware does pop up regularly. This week, there's new Mac malware out in the wild that Mac users should be aware of.

macos atomic malware demo
Called Atomic macOS Stealer (AMOS), the malware was found on Telegram by Cyble Research. A Telegram user was selling access to the malware, which is designed to steal sensitive information like usernames and passwords.

Whoever designed the Atomic macOS Stealer is working behind the scenes to improve it and add new functionality to make it more effective. In its current incarnation, AMOS is able to access keychain passwords, system information, files from the desktop and documents folder, and the password of the Mac.

It is able to infiltrate browser apps like Chrome and Firefox, extracting autofill information, passwords, cookies, wallets, and credit card information. Cryptowallets like Electrum, Binance, and Atomic are specific targets.

macos atomic malware
AMOS can be purchased with a web panel that makes it easy to manage malware targets, along with tools for brute-forcing private keys. The malware and accompanying services to make it easier to use against victims can be purchased on Telegram for $1,000 per month.

A .dmg file is used to get the malware on a victim's machine, and once installed, it immediately begins accessing sensitive information and sending it to a remote server. A fake system prompt is presented to get access to the system password, and it asks for access to files in the documents and desktop folders.

Because this requires a user to click on a .dmg file to install, Mac users can avoid the malware by not installing any kind of untrusted software from an unverified source. Cyble Research recommends installing software from the Mac App Store, using strong passwords and multi-factor authentication, and using biometric authentication where possible.

Users should also avoid opening links in emails, using caution whenever an app asks for permissions, and keeping devices, operating systems, and apps up to date.

Top Rated Comments

matt_and_187_like_this Avatar
5 weeks ago
Even malware is on a subscription model these days
Score: 112 Votes (Like | Disagree)
AtomicDusk Avatar
5 weeks ago
hey y’all, I just want to hijack this thread and say that I can’t wait for sideloading on iOS because you can put whatever you want on your Mac.
/s
Score: 39 Votes (Like | Disagree)
sw1tcher Avatar
5 weeks ago

Sounds like a great reason to only install from the App Store.

It's Apple behind this to prove why it's better to keep the App Store only for iOS and then do the same for the Mac!
Except Apple allows crapware onto their Mac App store too

https://www.macrumors.com/2023/04/25/chatgpt-scam-apps-mac-app-store/

not to mention all the junk on their iOS App store ('https://forums.macrumors.com/threads/psa-watch-out-for-fake-chatgpt-apps-and-other-scams-in-the-mac-app-store.2387808/page-2?post=32124285#post-32124285')
Score: 31 Votes (Like | Disagree)
LV426 Avatar
5 weeks ago
Next time macOS goes a bit loopy (literally) after an update and keeps asking you to re-enter your Apple ID password, you'd be justified in worrying that something like this is having a go at you.
Score: 20 Votes (Like | Disagree)
Rychiar Avatar
5 weeks ago

I only rely on Apple’s own Apple App Store on Mac. ?
I can’t think of anything i’ve ever gotten from the App Store. Even adobe isn’t on the App Store. Nor are things like VLC, superduper, emulators, bit torrent clients. Pretty much anything that makes a Mac Better than an iPad
Score: 18 Votes (Like | Disagree)
natnorth Avatar
5 weeks ago
Looking at that browser list... you can see why Chrome and pretty much all "competing" browsers based on chrome isn't great for web competition. Firefox is the only one of two on there that doesn't hand over passwords
Score: 17 Votes (Like | Disagree)

Popular Stories

Google Assistant

Google I/O 2016: Assistant, Home, Allo, Duo, Android N, and More

Wednesday May 18, 2016 11:51 am PDT by
Google hosted its annual I/O developers keynote at the Shoreline Amphitheatre in Mountain View, California today, announcing multiple new products and services related to Android, search, messaging, home automation, and more. Google Assistant Google Assistant is described as a "conversational assistant" that builds upon Google Now based on two-way dialog. The tool can be used, for example,...