Atomic macOS Stealer leads sensitive data theft on macOS
Sept. 9, 2024, 11:21 a.m.
Description
The report discusses the Atomic macOS Stealer (AMOS), an infostealer malware targeting macOS systems. It is designed to steal sensitive information like passwords, cookies, cryptocurrency wallets, and other data from infected machines. The malware is distributed through malvertising, SEO poisoning, and social media campaigns disguised as legitimate applications. AMOS has evolved with obfuscated code, Python droppers, and potential future iOS targeting capabilities. The report provides insights into AMOS's distribution methods, command and control infrastructure, and evolving capabilities, emphasizing the importance of exercising caution when installing software and enabling appropriate security measures.
Date
- Created: Sept. 9, 2024, 11:16 a.m.
- Published: Sept. 9, 2024, 11:16 a.m.
- Modified: Sept. 9, 2024, 11:21 a.m.
Indicators
Attack Patterns
- Atomic macOS Stealer
- AMOS
- T1578
- T1193
- T1588
- T1185
- T1548
- T1557
- T1189
- T1552
- T1497
- T1555
- T1083
- T1071
- T1036
- T1566
- T1059