Back

Fake Microsoft Teams for Mac delivers Atomic Stealer

July 12, 2024, 6:51 p.m.

Tags

malvertising
data theft
stealer
macos
adware
2024-07-12
atomic stealer

External References

https://www.malwarebytes.com/

https://otx.alienvault.com/

Description

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Upon installation, the malware steals passwords, files, and exfiltrates data. Mitigations include using browser protection tools and cautious downloading practices.

Date

Published Created Modified
July 12, 2024, 6:21 p.m. July 12, 2024, 6:21 p.m. July 12, 2024, 6:51 p.m.

Indicators

7120703c25575607c396391964814c0bd10811db47957750e11b97b9f3c36b5d

147.45.43.136

http://locallyhyped.com/kurkum/script_66902619887998.92077775.php

Attack Patterns

Atomic Stealer

T1139

T1025

T1555.003

T1213

T1552

T1497

T1087

T1057

T1105

T1566.001

T1071

T1102

T1219

T1558