Atomic Stealer: New Data Stealer for macOS

    A new macOS infostealer called "Atomic" (also known as "AMOS") is being actively sold through private Telegram channels as a subscription costing $1,000 per month.

    For that price, buyers receive a "Setup.dmg" disk image containing a 64-bit, Go-based binary designed to steal iCloud Keychain passwords, files from the local file system, and the passwords, cookies and bank card data stored in browsers.

    The malware also targets more than 50 browser extensions used to manage cryptocurrency, which have recently become a popular target for cybercriminals.

    Subscribers also receive a ready-made web panel for managing victims, the ability to forward stolen data to Telegram, and other features.

    Atomic was discovered only recently, independently by a Trellix researcher and by Cyble's research team. The most recent build is dated April 25 of this year, which shows that Atomic is under active development.

    Buyers of the infostealer set up their own distribution channels, for example phishing emails, malicious ads, social media posts, instant messaging, black hat SEO or malicious torrents.

    Atomic Stealer has an extensive set of data theft features that let its operators dig deep into the compromised system.

    When the victim runs the application inside "Setup.dmg", the malware displays a fake macOS password prompt that mimics the system dialog. The password typed into it is what the malware uses to elevate its privileges on the compromised computer. On a default macOS install the login keychain is protected by that same login password, so this single prompt is the key to most of what follows.

    After the initial compromise, the malware attempts to extract the passwords stored in iCloud Keychain, the built-in macOS password manager that holds Wi-Fi passwords, website logins, bank card details and other encrypted secrets.

    Atomic then proceeds to extract the following information:

    • Desktop cryptocurrency wallets: Electrum, Binance, Exodus, Atomic.
    • Cryptocurrency wallet browser extensions: over 50 extensions are supported in total, including popular ones such as Trust Wallet, Exodus Web3 Wallet, Jaxx Liberty, Coinbase, Guarda, TronLink, Trezor Password Manager, Metamask, Yoroi and BinanceChain.
    • Web browser data: autofill entries, passwords, cookies and bank cards from Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera and Vivaldi.
    • System information: device model name, hardware UUID, RAM size, processor specifications, serial number and more.

    Atomic also gives its operators the ability to steal files directly from the Desktop and Documents directories. However, macOS shows a permission prompt before the malware can read those folders, which gives the victim a chance to notice the activity and stop it.

    Once collected, the data is packed into a ZIP archive and sent to the attackers' C2 server, which Cyble places at "amos-malware.ru/sendlog". From that C2 server, run by the malware's authors, the stolen information is forwarded to the operator's private Telegram channel.
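    The chain described above (fake password prompt, Keychain and browser store access, wallet and document collection, ZIP staging, upload to the C2) maps onto a simple endpoint triage rule. What follows is an added example, not code from the original article or from the malware itself. It reads constructed, simplified JSON-lines process events (an assumed format, not a real EndpointSecurity or unified-log schema); the file paths, the list of legitimate owner processes, and the use of an osascript "hidden answer" dialog as the prompt mechanism are assumptions rather than facts stated on the page. Only the C2 host and the "/sendlog" path come from the write-up.

```python
"""Triage constructed macOS endpoint events for the Atomic/AMOS infection chain."""
import json
import re
from collections import defaultdict

# Artefact classes the write-up says Atomic collects. The directories and file
# names are assumptions (where these apps usually keep data); the page lists none.
SENSITIVE = [
    ("keychain", re.compile(r"/Library/Keychains/login\.keychain-db$")),
    ("browser_credentials", re.compile(
        r"/Library/Application Support/(Google/Chrome|Microsoft Edge|Yandex|Vivaldi|"
        r"com\.operasoftware\.Opera)/.*(Login Data|Cookies|Web Data)$")),
    ("browser_credentials", re.compile(
        r"/Library/Application Support/Firefox/Profiles/.*/(logins\.json|cookies\.sqlite|key4\.db)$")),
    ("crypto_wallet", re.compile(
        r"(/\.electrum/wallets/|/Library/Application Support/(Exodus|atomic|Binance)/)")),
    ("user_files", re.compile(r"/Users/[^/]+/(Desktop|Documents)/")),
]

# Process-name fragments that legitimately read the matching store (assumed list).
LEGIT_OWNER = {
    "Google/Chrome": "Google Chrome", "Microsoft Edge": "Microsoft Edge",
    "Firefox": "firefox", "Yandex": "Yandex", "Vivaldi": "Vivaldi", "Opera": "Opera",
}

# Fake password prompt. That the prompt is an AppleScript dialog with a hidden
# answer field is an assumption; the page only says a fake system window appears.
FAKE_PROMPT = re.compile(r"display dialog.*with hidden answer", re.I)

C2_HOST = "amos-malware.ru"   # C2 named in the write-up
EXFIL_PATH = "/sendlog"


def classify_path(path):
    """Return the artefact class a file path belongs to, or None."""
    for stage, rx in SENSITIVE:
        if rx.search(path):
            return stage
    return None


def expected_owner(path, proc):
    """True when the process is the app that normally owns this data store."""
    return any(key in path and owner in proc for key, owner in LEGIT_OWNER.items())


def triage(lines):
    """Map pid -> sorted list of Atomic-style stages seen for that process."""
    stages = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        pid, proc, kind = ev["pid"], ev.get("proc", ""), ev["type"]
        if kind == "exec" and FAKE_PROMPT.search(" ".join(ev.get("args", []))):
            # Attribute the prompt to the parent that spawned the dialog helper.
            stages[ev.get("ppid", pid)].add("fake_password_prompt")
        elif kind == "open":
            stage = classify_path(ev["path"])
            if stage and not expected_owner(ev["path"], proc):
                stages[pid].add(stage)
        elif kind == "create" and ev["path"].lower().endswith(".zip"):
            stages[pid].add("archive_staged")
        elif kind == "connect" and (ev.get("dst_host") == C2_HOST
                                    or ev.get("dst_path") == EXFIL_PATH):
            stages[pid].add("c2_exfil")
    return {pid: sorted(s) for pid, s in stages.items()}


def alerts(stage_map):
    """Alert on a prompt plus any theft stage, or on three or more theft/exfil stages."""
    hits = []
    for pid, s in stage_map.items():
        theft = [x for x in s if x != "fake_password_prompt"]
        if ("fake_password_prompt" in s and theft) or len(theft) >= 3:
            hits.append(pid)
    return sorted(hits)


# Constructed sample telemetry: pid 501 mimics the chain; pid 777 is Chrome reading
# its own credential store and must not be flagged.
SAMPLE_EVENTS = r"""
{"ts": 1, "type": "exec", "pid": 501, "ppid": 1, "proc": "/Volumes/Setup/Setup", "args": ["Setup"]}
{"ts": 2, "type": "exec", "pid": 502, "ppid": 501, "proc": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"macOS needs your password\" default answer \"\" with hidden answer"]}
{"ts": 3, "type": "open", "pid": 501, "proc": "/Volumes/Setup/Setup", "path": "/Users/alice/Library/Keychains/login.keychain-db"}
{"ts": 4, "type": "open", "pid": 501, "proc": "/Volumes/Setup/Setup", "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"}
{"ts": 5, "type": "open", "pid": 501, "proc": "/Volumes/Setup/Setup", "path": "/Users/alice/.electrum/wallets/default_wallet"}
{"ts": 6, "type": "open", "pid": 501, "proc": "/Volumes/Setup/Setup", "path": "/Users/alice/Documents/taxes.pdf"}
{"ts": 7, "type": "create", "pid": 501, "proc": "/Volumes/Setup/Setup", "path": "/private/tmp/out.zip"}
{"ts": 8, "type": "connect", "pid": 501, "proc": "/Volumes/Setup/Setup", "dst_host": "amos-malware.ru", "dst_path": "/sendlog"}
{"ts": 9, "type": "open", "pid": 777, "proc": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"}
"""

if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS.splitlines())
    for pid in alerts(found):
        print(f"ALERT pid={pid} stages={found[pid]}")
```

    In practice the events would come from an EndpointSecurity client or `log stream`, and the owner allowlist needs tuning per fleet (backup agents and password managers also read some of these stores). The value of chaining the stages is that no single one is conclusive: a browser reading its own cookie database is normal, but an unsigned binary from a mounted disk image that pops a hidden-answer dialog, reads the login keychain and browser stores, writes a ZIP and then talks to the named C2 is not.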

    The Trellix researcher also noted that the IP address behind the Atomic C2 server, as well as its assembly name, are shared with the Raccoon Stealer malware, which may link the two campaigns.

    Although macOS remains a secondary target for attackers, holding roughly 15% of the desktop operating system market against roughly 75% for Windows, researchers are recording a growing number of attacks on Apple devices.

    Author DeepWeb