A report published by the Cyble Research and Intelligence Labs (CRIL) revealed that hackers on Telegram are selling Malware to target MacOS users. The malware in question is called Atomic macOS Stealer (AMOS).
The malware can steal a great deal of information from a Mac device that includes keychain passwords, device information, files from different folders and desktops, and even the macOS password. However, probably the most worrying fact is that hackers are continuously updating AMOS capabilities.
Threat Actor also seems to provide other services to the Telegram users such as a web panel for managing victims, meta mask brute-forcing for stealing seed and private keys, crypto checker, and dmg installer. Allegedly all the services are being provided at $1000.
The latest update to AMOS was seen on April 25, 2023. It can target crypto-wallets such as Electrum, Binance, Exodus, Atomic, and Coinomi. Interestingly, this comes weeks after various popular Android Apps got infected with privacy invasive Goldoson Adware.
The report published by CRIL also mentions that macOS users can prevent these attacks by installing .dmg files on their computers. Once the file has been installed the user will have to authenticate the installation using a fake password with a fake system dialog box. Once the file is successfully installed, it will scan your system for important files, it may also steal these files with a system password if necessary. Finally, data will be sent to a remote server.
The news that hackers on Telegram are selling malware to target macOS users has come as a surprise as these systems are complex and difficult to get hacked into. However, the recent security breach is concerning, especially since Threat Actor is still live and continuously improving.
