A new variant of the notorious Atomic Stealer, tracked as OSX.AtomStealer, is circulating through a new malvertising campaign that targets unsuspecting users searching for software on Google.
The campaign lures victims with a cracked version of TradingView, a popular platform for monitoring financial markets.
The threat actors use deceptive ads to fool users looking for the TradingView software. The malicious ads typically appear at the top of the search results but carry misleading content planted by the threat actors.
Some of the malicious ads also use Unicode characters to impersonate genuine domains and so bypass Google's ad quality checks. Once a user clicks the deceptive ad, they are redirected to a phishing page with three download buttons, for Windows, Mac, and Linux.
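The Unicode lookalike domains described above are something a defender can check for in ad or proxy logs. The following is an added example (not from the original article or from any vendor's tooling) that decodes punycode labels, flags non-ASCII or mixed-script domains, and collapses a few well-known confusable characters to spot names that imitate a brand; the sample domains and the confusables table are constructed for illustration and are not indicators from the campaign.

```python
import unicodedata

# Small, hand-picked subset of Unicode confusables (the full list is far larger).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0456": "i", "\u0131": "i", "\u04bb": "h", "\u0501": "d",
}

# Constructed sample domains for illustration only; not real campaign indicators.
SAMPLE_AD_DOMAINS = [
    "tradingview.com",          # plain ASCII, as the genuine site would appear
    "tr\u0430dingview.com",     # Cyrillic 'а' (U+0430) replacing Latin 'a'
    "tradingv\u0131ew.com",     # Latin dotless 'ı' (U+0131) replacing 'i'
]
# The Cyrillic lookalike as it appears once IDNA-encoded (the form that actually resolves).
PUNYCODE_SAMPLE = SAMPLE_AD_DOMAINS[1].encode("idna").decode("ascii")

def script_of(ch):
    """Classify one character by script; digits, hyphen and dot count as 'Common'."""
    if ch in "-." or ch.isdigit():
        return "Common"
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script.capitalize()
    return "Other"

def analyze_domain(domain):
    """Decode punycode labels, then flag non-ASCII or mixed-script names."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: leave the label undecoded
        labels.append(label)
    decoded = ".".join(labels)
    scripts = sorted({script_of(c) for c in decoded} - {"Common"})
    skeleton = "".join(CONFUSABLES.get(c, c) for c in decoded)
    return {
        "decoded": decoded,
        "scripts": scripts,
        "skeleton": skeleton,
        "suspicious": (not decoded.isascii()) or len(scripts) > 1,
    }

def is_lookalike(domain, brand_domain):
    """True when the name collapses to the brand's name without being the brand."""
    info = analyze_domain(domain)
    return info["decoded"] != brand_domain and info["skeleton"] == brand_domain
```

Run `analyze_domain` over each display URL pulled from ad or DNS logs and pair it with `is_lookalike` against the brands your users actually download; the skeleton comparison catches the Cyrillic and dotless-i substitutions shown in the samples, while the script check flags mixed-script names even for brands not on your list.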
The Windows and Linux download buttons lead to an MSIX installer that deploys the NetSupport RAT, which is then used to drop additional malicious payloads.
The latest variant also ships as an ad-hoc signed application that persists on the host once executed. It exfiltrates sensitive user data, including passwords, auto-fill entries, cookies, keychains, and wallet addresses, and sends the harvested information to an attacker-controlled server.
The latest Atomic Stealer variant is not the only new threat to macOS.
Unfortunately, the new Atomic Stealer variant is not the only concern for macOS users; other threats have recently appeared in the wild. One example is XLoader, a malware that poses as a productivity app called OfficeNote and targets Apple users.
Users should be cautious when downloading software, especially from links at the top of search results. Everyone should also run AV software with real-time protection to blunt malware campaigns and improve their defences against payloads such as the Atomic Stealer.
Awareness and vigilance remain the best defence against cyber threats. The emergence of the new Atomic Stealer variant is a reminder that everyone should be mindful of the dangers in the cybercriminal landscape, and organisations should share information about such threats so that effective countermeasures can be put in place before attacks succeed.