Atomic Stealer is getting an upgrade


Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively improving its capabilities.

“It appears that Atomic Stealer was updated around mid-to-late December 2023, with the developers introducing payload encryption in an attempt to bypass detection rules,” Jérôme Segura of Malwarebytes said in a Wednesday report.

Atomic Stealer first appeared in April 2023 for a monthly subscription of $1,000. It is capable of collecting sensitive information from a compromised host, including keychain passwords, session cookies, files, crypto wallets, system metadata, and the machine’s password through a fake prompt.

In recent months, the malware has been observed spreading through malvertising and compromised sites under the guise of legitimate software and web browser updates.

The latest analysis from Malwarebytes shows that Atomic Stealer is now being sold for a hefty rental price of $3,000 per month, and that the actors ran a promotion to coincide with Christmas, offering the malware at a discounted price of $2,000.

Atomic Stealer

In addition to incorporating encryption to thwart detection by security software, campaigns distributing Atomic Stealer have undergone a slight shift, using Google search ads that mimic Slack as conduits to deliver either Atomic Stealer or a malware loader called EugenLoader (also known as FakeBat), depending on the victim's operating system.

It is worth noting that a malvertising campaign spotted in September 2023 used a rogue site for the TradingView charting platform to deliver NetSupport RAT, if accessed from Windows, and Atomic Stealer, if the operating system is macOS.

The rogue Slack disk image (DMG) file asks the victim to enter the system password when opened, allowing the threat actors to collect sensitive information to which access is otherwise restricted. Another crucial aspect of the new version is the use of obfuscation to hide the command-and-control server that receives the stolen information.

“As stealers remain a major threat to Mac users, it is important to download software from trusted locations,” Segura said. “However, malicious advertisements and decoy sites can be very deceptive and all it takes is a single mistake (entering your password) for the malware to collect and exfiltrate your data.”
