Atomic Stealer: New Data Stealer for macOS

    A new information-stealing malware for macOS, called "Atomic" (also known as "AMOS"), is being actively sold through private Telegram channels as a $1,000-per-month subscription.

    For that price, buyers receive a "Setup.dmg" disk image containing a 64-bit, Go-based stealer that targets iCloud Keychain passwords, files on the local file system, other stored passwords, cookies, and bank card data saved in browsers.

    The malware also targets more than 50 cryptocurrency wallet browser extensions, which have recently become a popular target for cybercriminals.

    Subscribers also receive a ready-made web panel for managing victims, the ability to forward stolen data to Telegram, and more.

    Atomic was discovered only recently by a Trellix researcher and, independently, by Cyble's research team. The most recent build seen dates to April 25 of this year, which indicates that Atomic is under active development.

    Buyers of the infostealer set up their own distribution channels, for example phishing emails, malicious ads, social media posts, instant messages, black-hat SEO, or malicious torrents.

    Atomic Stealer has an extensive set of data-theft features that give its operators broad access to the data on a compromised system.

    When the victim runs the contents of the malicious "Setup.dmg", the malware displays a fake macOS password prompt that imitates the genuine system dialog. Whatever the user types into it is captured by the attackers, and the malware then uses that password to unlock protected data and elevate its privileges on the compromised machine. A password prompt that appears immediately after opening a freshly downloaded installer should be treated as suspicious.

    After the initial compromise, the malware attempts to dump the iCloud Keychain, the built-in macOS password manager that holds Wi-Fi passwords, website logins, bank card details, and other encrypted secrets.

    Atomic then proceeds to extract the following information:

    • Desktop cryptocurrency wallets: Electrum, Binance, Exodus, Atomic.
    • Cryptocurrency wallet browser extensions: more than 50 extensions in total, including popular ones such as Trust Wallet, Exodus Web3 Wallet, Jaxx Liberty, Coinbase, Guarda, TronLink, Trezor Password Manager, MetaMask, Yoroi, and BinanceChain.
    • Web browser data: autofill entries, passwords, cookies, and bank cards from Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, and Vivaldi.
    • System information: device model name, hardware UUID, RAM size, processor specifications, serial number, and more.

    Atomic also lets its operators steal files directly from the Desktop and Documents folders. On current macOS versions, however, access to these folders is gated by a system permission prompt (TCC), so the malware first has to ask for it, which gives the victim a chance to notice the activity and stop it before the files are read.
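The permission prompt mentioned above is recorded in the per-user TCC database, so a responder can review which programs hold Desktop and Documents access after the fact. The script below is an added example, not code from the article or from the malware; it assumes the standard location of the user database (readable only by a process with Full Disk Access) and uses only the `service`, `client` and `auth_value` columns of the `access` table. The fallback sample database, its column subset and its rows (including the `/Volumes/Setup/Setup` client) are constructed for the demo.

```python
"""Review Desktop/Documents grants in the macOS TCC database.

Added example; not code from the original article.  Column subset, sample
rows and the fallback database path are constructed for the demo.
"""
import sqlite3
import tempfile
from pathlib import Path

# TCC service identifiers for the two folders the stealer reads.
FOLDER_SERVICES = {
    "kTCCServiceSystemPolicyDesktopFolder": "Desktop",
    "kTCCServiceSystemPolicyDocumentsFolder": "Documents",
}

# auth_value meanings (macOS 11 and later).
AUTH = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}


def user_tcc_db():
    """Standard per-user TCC database; reading it requires Full Disk Access."""
    return Path.home() / "Library/Application Support/com.apple.TCC/TCC.db"


def folder_grants(db_path):
    """Return (folder, client, decision) for every Desktop/Documents entry."""
    placeholders = ",".join("?" * len(FOLDER_SERVICES))
    sql = ("SELECT service, client, auth_value FROM access "
           f"WHERE service IN ({placeholders}) ORDER BY service, client")
    # Open read-only so a review never modifies the database.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(sql, tuple(FOLDER_SERVICES)).fetchall()
    finally:
        con.close()
    return [(FOLDER_SERVICES[s], c, AUTH.get(v, f"auth_value={v}"))
            for s, c, v in rows]


def unexpected_grants(db_path, allowlist):
    """Allowed clients that are not on the reviewer's allowlist."""
    return [g for g in folder_grants(db_path)
            if g[2] == "allowed" and g[1] not in allowlist]


def build_sample_db(path):
    """Constructed sample mimicking only the columns the query uses."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE access (service TEXT, client TEXT, "
                "client_type INTEGER, auth_value INTEGER)")
    # client_type 0 = bundle identifier, 1 = absolute path.
    con.executemany("INSERT INTO access VALUES (?,?,?,?)", [
        ("kTCCServiceSystemPolicyDesktopFolder", "com.apple.Terminal", 0, 2),
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.apple.Terminal", 0, 2),
        ("kTCCServiceSystemPolicyDesktopFolder", "/Volumes/Setup/Setup", 1, 2),
        ("kTCCServiceSystemPolicyDocumentsFolder", "/Volumes/Setup/Setup", 1, 0),
        ("kTCCServiceMicrophone", "us.zoom.xos", 0, 2),  # unrelated service
    ])
    con.commit()
    con.close()


def sample_db_path():
    """Create the constructed sample database in a temp dir and return its path."""
    path = Path(tempfile.mkdtemp()) / "TCC.db"
    build_sample_db(path)
    return path


if __name__ == "__main__":
    db = user_tcc_db()
    try:
        grants = folder_grants(db)
    except (OSError, sqlite3.OperationalError):
        # No Full Disk Access or not on macOS: fall back to the sample.
        db = sample_db_path()
        grants = folder_grants(db)
    for folder, client, decision in grants:
        print(f"{folder:9} {decision:8} {client}")
```

Anything listed as "allowed" that is a bare path on a mounted disk image rather than a known bundle identifier deserves a closer look; the same query can be run against the system database under `/Library/Application Support/com.apple.TCC/` for machine-wide grants.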

    After collecting the data, the malware packs everything into a ZIP archive and sends it to the attackers' C2 server, which Cyble reports is located at "amos-malware.ru/sendlog". The stolen information is then forwarded from the developers' C2 server to the operator's private Telegram channel.
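The exfiltration step described above leaves a recognisable trace in egress logs: a POST of an archive to a `/sendlog` path. The detector below is an added example, not code from the article, Cyble, or the malware; the only indicators it takes from the article are the reported C2 host and path and the fact that the upload is a ZIP archive. The line format (a simplified proxy log), the size threshold and the sample lines are constructed for the demo, and it deliberately matches the `/sendlog` path independently of the host so that a relocated C2 is still caught.

```python
"""Hunt for Atomic-style exfiltration in HTTP proxy logs.

Added example; not code from the original article or from the malware.
Indicators from the article: a ZIP archive POSTed to amos-malware.ru/sendlog.
The log format, threshold and sample lines are constructed for the demo.
"""
import re
from dataclasses import dataclass

# Indicators reported in the article (Cyble).
C2_HOST = "amos-malware.ru"
C2_PATH = "/sendlog"

# Constructed log format: ts client method host path status content_type bytes
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>\S+)\s+(?P<path>\S+)\s+(?P<status>\d{3})\s+"
    r"(?P<ctype>\S+)\s+(?P<bytes>\d+)$"
)

# Constructed sample: one hit on the reported host, one on a relocated host,
# one on a bare IP, and two benign lines.
SAMPLE_LOG = """\
2023-04-26T10:01:02Z 10.0.0.12 GET www.apple.com / 200 text/html 5123
2023-04-26T10:02:10Z 10.0.0.12 POST amos-malware.ru /sendlog 200 application/zip 184322
2023-04-26T10:03:44Z 10.0.0.31 POST updates.example.net /sendlog 200 application/zip 90211
2023-04-26T10:04:01Z 10.0.0.31 POST api.example.org /v1/upload 201 application/json 812
2023-04-26T10:05:09Z 10.0.0.55 POST 203.0.113.7 /sendlog 200 application/octet-stream 240001
"""


@dataclass
class Finding:
    ts: str
    client: str
    host: str
    path: str
    reasons: tuple


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def score(rec, min_bytes=50_000):
    """Return the list of indicator names a record matches."""
    reasons = []
    if rec["host"].lower() == C2_HOST:
        reasons.append("known-c2-host")
    if rec["method"] == "POST" and rec["path"].rstrip("/").endswith(C2_PATH):
        reasons.append("sendlog-path")
    archive = rec["ctype"] in ("application/zip", "application/octet-stream")
    if rec["method"] == "POST" and archive and rec["bytes"] >= min_bytes:
        reasons.append("large-archive-upload")
    return reasons


def hunt(log_text, min_bytes=50_000):
    """Flag lines that hit the C2 host or the /sendlog path.

    A large archive upload on its own is too noisy to alert on, so it is
    only reported as supporting evidence next to one of the other two.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = score(rec, min_bytes)
        if "known-c2-host" in reasons or "sendlog-path" in reasons:
            findings.append(Finding(rec["ts"], rec["client"], rec["host"],
                                    rec["path"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f.ts, f.client, f.host + f.path, ",".join(f.reasons))
```

The host indicator is the weakest of the three, since a domain is trivial for the developers to rotate; the path and the archive upload from a workstation that normally does not POST large binaries are what survive that rotation.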

    The Trellix researcher noted that the IP address of the Atomic C2 server, as well as its build name, are also used by the Raccoon Stealer malware, which may link the two campaigns. Shared hosting and naming alone are weak evidence of a common operator, so this overlap is best treated as a lead rather than as attribution.

    Although macOS remains a secondary target for attackers, holding only about 15% of the desktop operating system market (Windows holds about 75%), researchers are recording attacks on Apple devices more and more often.

    Author DeepWeb