Cybersecurity firm Cyble Research reported in April of this year that hackers are peddling Atomic macOS Stealer (AMOS), malware that targets macOS.
Cybersecurity firm Malwarebytes today reported that attackers are placing ads in Google searches to distribute the AMOS malware, which can be launched on both macOS and Windows devices.
The current version of AMOS accesses keychain passwords, system information, files in the Desktop and Documents folders, and passwords for Macs.
AMOS can also infiltrate browser applications such as Chrome and Firefox to extract autofill information, passwords, cookies, wallet and credit card information, and search for crypto-wallets such as Electrum, Binance, and Atomic in order to facilitate the theft of related data and property.
The malware affects Mac devices in the following steps:
- Targets Mac users with malicious advertisements in Google search.
- Leads users to a phishing website, tricking victims into downloading a fake application.
- The malware is bundled in an ad-hoc signed application that is not detected by Apple’s system.
The good news is that this particular attack is preventable:
- Don’t download software from untrusted or unknown sources
- Be careful if an application asks you to bypass macOS Gatekeeper protection
- If you do want to download an app outside of Apple’s Mac App Store, check when the site was created
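
A downloaded bundle can be checked for the ad-hoc signature mentioned above before it is opened. The following is an added example, not code from Cyble or Malwarebytes: it classifies the output of Apple's `codesign -dv --verbose=4`, and the function names, sample paths and identifiers are constructed for illustration.

```shell
# Classify the text that `codesign -dv --verbose=4 <app>` writes (read on stdin).
# Prints one of: adhoc, developer-id, unsigned, other.
classify_signature() {
    local text
    text=$(cat)
    case "$text" in
        *"code object is not signed at all"*) echo unsigned; return ;;
    esac
    if printf '%s\n' "$text" | grep -q '^Signature=adhoc$'; then
        echo adhoc          # signed without any developer identity
    elif printf '%s\n' "$text" | grep -q '^Authority=Developer ID Application:'; then
        echo developer-id   # identifies a developer; not proof the app is benign
    else
        echo other
    fi
}

# Triage a downloaded bundle on a Mac (hypothetical helper name).
# Usage: triage_app ~/Downloads/Example.app
triage_app() {
    local app=$1 verdict
    verdict=$(codesign -dv --verbose=4 "$app" 2>&1 | classify_signature)
    echo "$app: $verdict"
    # spctl reports whether Gatekeeper policy would accept the bundle.
    spctl --assess --type execute --verbose "$app" 2>&1 | sed 's/^/  gatekeeper: /'
    [ "$verdict" = developer-id ]
}

# Constructed sample of codesign output for an ad-hoc signed bundle.
SAMPLE_ADHOC='Executable=/Volumes/Installer/Example.app/Contents/MacOS/Example
Identifier=com.example.installer
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=8+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set'

# Constructed sample of codesign output for a Developer ID signed bundle.
SAMPLE_DEVID='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
```

An `adhoc` or `unsigned` verdict means no identified developer stands behind the bundle, which is the case where a prompt to bypass Gatekeeper deserves the most suspicion.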