Atomic macOS Stealer malware surfaces, snags information via malicious Google Search ads

A new piece of malware known as “Atomic macOS Stealer (AMOS)” that specifically targets Apple users has been released. In the latest development, AMOS has been found in malicious ads for Google searches.

The most recent version of the Atomic macOS Stealer was noted by researchers at Malwarebytes in what is considered a “malvertising campaign.” The software, which currently targets both Windows and Mac users, works to steal iCloud Keychain passwords, credit card information, files, crypto wallets, and more.

Per 9to5Mac:

Here’s how the new malvertising campaign works to compromise Macs:

  • Malicious ads for Google searches target Mac users
  • Phishing sites trick victims into downloading what they believe is the app they want
  • The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple
  • The payload is a new version of the recent Atomic Stealer for OSX (macOS)

Malwarebytes has stated that it believes threat actors are using compromised ad accounts to buy the ads that lead to phishing sites.

Fortunately, the attacks are preventable and the best guidelines are as follows:

  • Don’t download software from untrusted or unknown sources
  • Be wary if an app asks you to bypass macOS Gatekeeper protections
  • If you do want to download an app outside Apple’s Mac App Store, check when the website was created
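
The ad-hoc signing mentioned above can be checked locally before a downloaded app is opened. The script below is an added example, not code from Malwarebytes or 9to5Mac: it classifies the report printed by macOS's `codesign -dv --verbose=4`, and the sample reports, `com.example.app` and the team ID `ABCDE12345` in it are constructed.

```shell
#!/bin/sh
# Classify a macOS code signature from `codesign -dv --verbose=4` output.

# Reads the codesign report on stdin and prints one of:
#   adhoc | unsigned | identity:<TeamIdentifier> | unknown
classify_signature() {
  cs_out=$(cat)
  if printf '%s\n' "$cs_out" | grep -q 'code object is not signed at all'; then
    echo unsigned
  elif printf '%s\n' "$cs_out" | grep -q '^Signature=adhoc$'; then
    echo adhoc   # no certificate chain, so there is no certificate to revoke
  else
    cs_team=$(printf '%s\n' "$cs_out" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
    if printf '%s\n' "$cs_out" | grep -q '^Authority=' \
        && [ -n "$cs_team" ] && [ "$cs_team" != "not set" ]; then
      echo "identity:$cs_team"
    else
      echo unknown
    fi
  fi
}

# macOS only: codesign writes its report to stderr, so merge it into stdout.
check_app() {
  codesign -dv --verbose=4 "$1" 2>&1 | classify_signature
}

# Constructed sample reports (not taken from the campaign).
SAMPLE_ADHOC='Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=8+3 location=embedded
Signature=adhoc
TeamIdentifier=not set'

SAMPLE_IDENTITY='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

SAMPLE_UNSIGNED='/tmp/Example.app: code object is not signed at all'

# Usage on a Mac: sh check_sig.sh ~/Downloads/Some.app
for app in "$@"; do
  printf '%s\t%s\n' "$(check_app "$app")" "$app"
done
```

An `identity:` result only means the app carries a certificate chain; it is not a verdict that the app is safe.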

Other programs, such as Malwarebytes, CleanMyMac X, Norton, and McAfee, offer good virus detection and removal tools for your Mac.

Please be careful out there and stay tuned for additional details as they become available.

Via 9to5Mac and Malwarebytes