Hackers selling new malware on Telegram that targets macOS users


Threat actors are selling a new malware called Atomic macOS Stealer (AMOS) on a Telegram channel. It targets macOS platforms and is capable of extracting autofill data, passwords, wallets, and more.

According to Cyble Research and Intelligence Labs (CRIL), the Atomic macOS Stealer malware is specifically designed to target macOS and can steal sensitive information from the victim's machine.

The researchers recently discovered a Telegram channel advertising this new information-stealing malware.

Moreover, the report said that the hacker behind this stealer is constantly improving the malware and adding new capabilities to make it more effective.



The malware's most recent update was seen in a Telegram post on April 25, highlighting its latest features.

According to the report, the Atomic macOS Stealer can steal various types of information from the victim's machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

In addition, the malware is designed to target multiple browsers and can extract autofill data, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

The threat actor also offers additional services such as a web panel for managing victims, MetaMask brute-forcing to steal seed and private keys, a crypto checker, and a dmg installer, after which the logs are shared via Telegram.

These services are available for $1,000 per month.



However, the report mentioned that macOS users can protect their systems from AMOS malware by installing a .dmg file on their machines.

After installing, users will need to authenticate the installation with a user password in a fake system dialog box that follows installation.

Once installed, it will scan for sensitive information, which it will steal with the system password if necessary, and send to a remote server.

(With inputs from IANS)
