A SOC Team’s Guide to Detecting macOS Atomic Stealers

Sept. 13, 2024, 9:26 a.m.

Description

This article provides an analysis of the Atomic Infostealer malware family, which has been targeting macOS users throughout 2024. It discusses the evolving variants, such as Amos, Banshee, Cthulu, Poseidon, and RodrigoStealer, developed and distributed by competing threat actor groups. The malware's distribution methods have expanded to include spoofed enterprise applications, which raises the risk to organizations beyond individual users. The article examines the characteristics, obfuscation techniques, and behaviors of the different variants to aid SOC teams in detection and triage.

Date

Published: Sept. 13, 2024, 8:59 a.m.

Created: Sept. 13, 2024, 8:59 a.m.

Modified: Sept. 13, 2024, 9:26 a.m.

Attack Patterns

RodrigoStealer

Cthulu

Amos Atomic

Banshee

Poseidon

Ping3r and Rodrigo

T1215

T1600

T1076

T1548

T1114

T1555

T1564

T1547

T1518

T1105

T1496

T1083

T1055

T1036

T1592

T1204

T1027

T1553

T1195

T1059