Atomic macOS Stealer leads sensitive data theft on macOS

Sept. 9, 2024, 11:21 a.m.

Description

The report discusses the Atomic macOS Stealer (AMOS), an infostealer malware targeting macOS systems. It is designed to steal sensitive information like passwords, cookies, cryptocurrency wallets, and other data from infected machines. The malware is distributed through malvertising, SEO poisoning, and social media campaigns disguised as legitimate applications. AMOS has evolved with obfuscated code, Python droppers, and potential future iOS targeting capabilities. The report provides insights into AMOS's distribution methods, command and control infrastructure, and evolving capabilities, emphasizing the importance of exercising caution when installing software and enabling appropriate security measures.

Date

  • Created: Sept. 9, 2024, 11:16 a.m.
  • Published: Sept. 9, 2024, 11:16 a.m.
  • Modified: Sept. 9, 2024, 11:21 a.m.

Indicators


Attack Patterns

  • Atomic macOS Stealer
  • AMOS
  • T1578
  • T1193
  • T1588
  • T1185
  • T1548
  • T1557
  • T1189
  • T1552
  • T1497
  • T1555
  • T1083
  • T1071
  • T1036
  • T1566
  • T1059