A SOC Team’s Guide to Detecting macOS Atomic Stealers
Sept. 13, 2024, 9:26 a.m.
Description
This article analyses the Atomic Infostealer malware family, which has targeted macOS users throughout 2024. It covers the evolving variants, such as Amos, Banshee, Cthulu, Poseidon, and RodrigoStealer, developed and distributed by competing threat actor groups. The malware's distribution methods have expanded to spoofing enterprise applications, which raises the risk it poses to organisations. The article examines the characteristics, obfuscation techniques, and behaviours of the different variants to support detection and triage.
Date
Published: Sept. 13, 2024, 8:59 a.m.
Created: Sept. 13, 2024, 8:59 a.m.
Modified: Sept. 13, 2024, 9:26 a.m.
Attack Patterns
RodrigoStealer
Cthulu
Amos Atomic
Banshee
Poseidon
Ping3r and Rodrigo
T1215
T1600
T1076
T1548
T1114
T1555
T1564
T1547
T1518
T1105
T1496
T1083
T1055
T1036
T1592
T1204
T1027
T1553
T1195
T1059