New macOS KeyChain Password Stealing Malware Sold on Telegram
A new macOS malware that can steal sensitive data such as passwords and files was advertised on a Telegram channel for $1,000 per month, MacRumors reports(Opens in a new window).
Found on Telegram by the cybersecurity intelligence group Cyble Research(Opens in a new window), the Atomic macOS Stealer (AMOS) is specifically designed to target macOS and steal sensitive information from a Mac.
As Macrumors notes, the malware, which was being sold on the encrypted messaging app for $1,000 per month, is able to gain access to keychain passwords, system information, files from the desktop and documents folder, and a Mac’s password.
AMOS can additionally hack into Chrome and Firefox apps, and steal autofill information such as passwords, wallets, and credit card information.
The malware can be bought together with a panel feature that is designed to help manage malware targets. It also comes with tools for brute-forcing private keys.
According to Macrumors, the malware designer has been busy adding new improvements and functionalities to it, with the most recent update being on April 25.
Abbreviated to AMOS, the malware requires a user to click on a .dmg file in order to begin installing. Once installed, it immediately starts accessing passwords, autofill information, and other sensitive data, and transferring it to a remote server. In order to attain access to the system password, AMOS triggers a fake system prompt.
AMOS is also known to target crypto wallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.
Cyble Research advises users to avoid installing software outside the Mac App Store, and to use strong passwords and multi-factor as well as biometric authentication on their Macs.
Cyble also advises users to
Read more on pcmag.com
