In a worrying development for Apple macOS users, threat actors have begun advertising a new information-stealing tool called Atomic macOS Stealer (or AMOS) on the encrypted messaging platform Telegram. Available for $1,000 per month, the tool is designed to extract sensitive information from the victim's machine, including Keychain passwords, system information, desktop files, and documents folder. It can even steal the macOS password itself, providing hackers with a range of valuable data that can be used to launch further attacks.
According to researchers from cybersecurity firm Cyble, the AMOS tool is particularly noteworthy for its ability to extract data from web browsers and cryptocurrency wallets. This means that users of platforms such as Atomic, Binance, Coinomi, Electrum, and Exodus could all be at risk of having their digital assets stolen by malicious actors using this tool. Additionally, those who purchase the AMOS tool are provided with a ready-to-use web panel for managing their victims, further highlighting the potential for widespread harm.
The emergence of AMOS comes amid growing concern over the vulnerability of Apple's macOS operating system to cyber attacks. While traditionally considered more secure than Microsoft's Windows, macOS has become an increasingly attractive target for hackers in recent years due to its growing popularity and the proliferation of high-value targets among Apple users. As a result, security researchers have been warning Mac users to remain vigilant and take steps to protect themselves against potential attacks.
In the case of AMOS, experts are urging users to be particularly careful when downloading software or clicking on links from unknown sources, as this is often the primary method used by hackers to gain access to victims' machines. Additionally, users are advised to install antivirus software and to keep their operating systems up to date with the latest security patches, which can help to prevent known vulnerabilities from being exploited.
Overall, the emergence of the AMOS tool highlights the ongoing threat posed by cybercriminals to Mac users, and serves as a reminder of the need for constant vigilance and proactive measures to protect against potential attacks. As always, it is crucial for users to remain informed and up to date with the latest security news and best practices in order to stay one step ahead of those seeking to do them harm. Michael Covington, Vice President, Portfolio Strategy, Jamf weighed in on the incident: "As modern devices like the Mac and companion mobile platforms become more common in the workplace, they also become more valuable targets for cybercriminals; it is likely that we will continue to see new and sophisticated forms of malware targeting these devices in the future.
In fact, the Atomic macOS Stealer is evidence that attacks against macOS are now being commoditized and turned into subscription services for use by organized crime and other groups with malicious intent. The “malware as a service” offering associated with this particular effort charges $1,000/month for access to a broad set of data stores on the device and an easy-to-use interface for distributing the malware and monitoring installations.
It is crucial that individuals and organizations take steps to protect their Apple devices. Best practices suggest users keep the operating systems up-to-date, maintain good configurations like activating FileVault disk encryption, use reputable security solutions, and scrutinize any application that is asking you to grant extra permissions or take extra steps to launch (such as right click-open to bypass security controls).
It’s also important for organizations to prioritize security education and awareness about social engineering tactics, particularly on modern platforms where focused training has historically been absent."