The Atomic Stealer, one of the few info stealers built for macOS, has gained attention among cybersecurity researchers since its developers upgraded it. Threat groups have recently stepped up the deployment of info-stealing malware against Apple products.
Based on reports, the latest version of the stealer has focused on the gaming community and cryptocurrency users. Its operators have been attempting to acquire data from these targets.
Moreover, the researchers claimed that these attackers are financially motivated and have been deploying information-stealing malware to earn profit.
The Atomic Stealer has been the most effective malicious tool against Apple users.
According to the investigation, the Atomic Stealer has targeted Apple products more effectively than MacStealer and Pureland. Its effectiveness comes from its ability to harvest account passwords, session cookies, crypto wallets, and browser data.
The malware developers also rent the tool to threat groups for a monthly subscription of about a thousand dollars. In addition, the developers promote the tool through Telegram and sometimes YouTube.
Threat groups decide for themselves how to deliver the payload to their targets. Researchers confirmed incidents in which attackers disguised Atomic Stealer as an installer for legitimate apps such as the Tor browser.
Some attackers have also disguised the malware as a cracked version of popular software products, such as MS Office, Notion, or Photoshop CC. Other threat actors have abused Google Ads to deliver the malware.
Researchers explained that the Atomic Stealer is not sophisticated malware, but it uses an effective AppleScript spoofing strategy to capture a target's login password during an attack. The strategy abuses Apple's scripting language, which is meant for automating computer tasks, to present a fake prompt that deceives users into running malicious code and handing over their password.
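As an added defender-side illustration (not code from the article or from the malware), the following Python scores `osascript` process command lines for the hallmarks of a fake password prompt: an inline `display dialog` with a text field, masked (`with hidden answer`) input, and credential wording. The log lines are constructed for the example; the field layout (pid, parent process, command line) is an assumption about the telemetry feed.

```python
import re
from typing import List, Tuple

# Constructed sample process-execution log lines (tab-separated: pid, parent, command line).
# Illustrative only; not real telemetry from the campaign described above.
SAMPLE_LOG = """\
1201\tlaunchd\t/usr/bin/osascript -e 'display dialog "macOS needs to access System Preferences. Please enter your password." default answer "" with hidden answer with icon caution'
1202\tTerminal\t/usr/bin/osascript -e 'display notification "Build finished"'
1203\tScript Editor\t/usr/bin/osascript /Users/me/backup.scpt
1204\tTorBrowser-Setup\t/usr/bin/osascript -e 'display dialog "Enter your password to continue" default answer "" with hidden answer'
"""

# Wording that suggests the dialog is asking for credentials.
CREDENTIAL_WORDS = re.compile(r"\b(password|passcode|credential)", re.IGNORECASE)


def score_osascript(cmdline: str) -> List[str]:
    """Return the reasons an osascript command line looks like a credential-phishing prompt."""
    reasons: List[str] = []
    if "osascript" not in cmdline:
        return reasons
    if " -e " in cmdline:
        # An inline script is harder to inspect on disk than a saved .scpt file.
        reasons.append("inline script passed with -e")
    if "display dialog" in cmdline and "default answer" in cmdline:
        reasons.append("display dialog with a text field")
        if "hidden answer" in cmdline:
            reasons.append("masked (password-style) input")
    if CREDENTIAL_WORDS.search(cmdline):
        reasons.append("prompt text mentions credentials")
    return reasons


def find_fake_password_prompts(log_text: str, min_reasons: int = 2) -> List[Tuple[str, str, List[str]]]:
    """Return (pid, parent, reasons) for every log line that reaches the alert threshold."""
    hits = []
    for line in log_text.splitlines():
        pid, parent, cmdline = line.split("\t", 2)
        reasons = score_osascript(cmdline)
        if len(reasons) >= min_reasons:
            hits.append((pid, parent, reasons))
    return hits


if __name__ == "__main__":
    for pid, parent, reasons in find_fake_password_prompts(SAMPLE_LOG):
        print(f"pid {pid} (parent {parent}): {', '.join(reasons)}")
```

The parent process is worth keeping in the alert: a dialog spawned by a freshly downloaded "installer" rather than by Terminal or Script Editor is the case the article describes.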
Lastly, the Atomic Stealer tries to establish persistence on compromised Macs, which has become a trend among malicious actors since Apple added a feature to macOS Ventura that alerts users when an item is added to the login items list.
The tool tries to steal as much data as possible in one sweep, reducing the chance of detection and increasing the odds of a successful campaign.
