We have all had this notion that macOS is way safer than Windows. Yet again, we have been proved wrong, this time by a new variant of malware affecting Apple Macs.
This new variant, called Atomic macOS Stealer (AMOS), was spotted on the messaging app Telegram by the cybersecurity company Cyble. The worst part is that the threat actors are selling it openly on the messaging app, with subscription-based pricing and different levels of attack features. The current version of this malware can compromise keychain passwords, system information, the contents of the Desktop and Documents folders, and Mac passwords. Another significant capability is that it can compromise popular browsers like Firefox and Chrome to extract financial information, especially crypto wallets and browser cookies.
The author of this malware variant gives clients feature-rich access, including a web portal to manage targets and the various tools needed to carry out the threats. While clients have these capabilities, the author continuously improves the malware in the background to make breaches more effective, for a $1000 fee.
AMOS is installed on the victim's Mac in the form of a .dmg file, and once installed, it starts sending all the necessary information from that computer to a remote server. The tricky and dangerous part of the process is that a fake prompt is generated to obtain full system access. Mac users are strongly advised against installing any software from unknown sources, which is a strong safeguard against this malware. The cybersecurity company Cyble strongly recommends that Mac users use strong and unique passwords combining letters, numbers, and special characters, and use biometric and multi-factor authentication whenever possible. Lastly, please don't click on links sent from unknown senders, whether by email or text message, as this is also a significant protection against being infected by AMOS.