Atomic Stealer

Posted: December 24, 2023
from Cybersecurity Glossary
Aliases:
AMOS, Atomic macOS Stealer
Variants:
Amos Atomic MacOS Stealer, Atomic Stealer Variant B, Atomic Stealer Variant C
Damage:
Can Steal A Wide Range Of Sensitive Data, Including Login Credentials, Cookies, Browser Histories, And Cryptocurrency Wallets.
Risk Level:
High

Having surfaced in April 2023, Atomic Stealer remains an actively evolving threat. Employing malvertising campaigns, it strategically focuses on macOS users to illicitly obtain their account passwords, browser data, and cryptocurrency wallet particulars. The malware has been identified in counterfeit websites offering purported software for Windows and Linux, with a heightened emphasis on macOS. Upon installation of the deceptive application on a macOS device, a misleading pop-up appears, requesting the user's password for supposed access to System Preferences. In reality, this action grants Atomic Stealer the necessary permissions to initiate the theft of files and data stored in the iCloud Keychain and browser.

Possible symptoms

  • Unusual system slowdowns, particularly during internet browsing or file access.
  • Unexpected pop-ups requesting sensitive information or authentication.
  • Changes in browser behavior, such as unauthorized access to saved passwords or auto-filled forms.
  • Cryptocurrency wallet activity anomalies, such as unauthorized transactions or fund transfers.
  • Unexplained changes in system and application settings.

Sources of the infection

  • Malvertising campaigns on compromised or fake websites distributing malicious versions of legitimate software, especially targeting macOS users.
  • Download and installation of fake applications, often disguised as software updates or utilities, from untrustworthy sources.
  • Social engineering tactics, where users are tricked into providing sensitive information or downloading malicious files.
  • Exploitation of vulnerabilities in the macOS operating system and third-party applications to gain unauthorized access.
  • Compromised software supply chains, with attackers injecting the malware into legitimate software packages during distribution.

Overview

Atomic Stealer is a malicious software known as AMOS or Atomic macOS Stealer, specializing in the unauthorized extraction of sensitive information from macOS devices. This threat, categorized as an information stealer, poses a significant risk by targeting a broad spectrum of valuable data, including login credentials, cookies, browser histories, and cryptocurrency wallets.

Having emerged in April 2023, Atomic Stealer continues to be a dynamically evolving menace. Its propagation involves malvertising campaigns strategically aimed at macOS users, with a focus on purloining account passwords, browser data, and cryptocurrency wallet details. The malware is often concealed within counterfeit websites that falsely claim to offer software for Windows and Linux but particularly emphasize macOS.

Upon duping users into installing a deceptive application on their macOS devices, Atomic Stealer employs a misleading pop-up that requests the user's password under the guise of accessing System Preferences. However, this seemingly innocent action grants the malware the necessary permissions to initiate the theft of files and data stored in the iCloud Keychain and browser.

Distinctive symptoms of an Atomic Stealer infection include unusual system slowdowns during internet browsing or file access, unexpected pop-ups soliciting sensitive information, alterations in browser behavior, anomalies in cryptocurrency wallet activities, and unexplained changes in system and application settings.

The danger level of Atomic Stealer is rated at 4, indicating a high potential for damage. If an infection is suspected, immediate steps should be taken, including disconnecting from the internet, isolating the infected device from the network, running a full system scan using a Gridinsoft Anti-Malware, changing all passwords—especially those related to sensitive accounts—and considering system restoration from a clean backup taken before the infection.

Preventing Atomic Stealer infections requires proactive measures, such as keeping the operating system and software up-to-date with the latest security patches, exercising caution when downloading software from official sources, using and regularly updating a Gridinsoft Anti-Malware, avoiding suspicious links or ads—especially on websites offering software downloads—and implementing regular data backups stored in a secure location.

🤔 What to do?

If you suspect your macOS device is infected with Atomic Stealer:

  • Disconnect from the internet to prevent further data exfiltration.
  • Isolate the infected device from the network to avoid spreading the malware.
  • Run a full system scan using a Gridinsoft Anti-Malware.
  • Change all passwords, especially those related to sensitive accounts such as cryptocurrency wallets.
  • Consider restoring your system from a clean backup taken before the infection.

🛡️ Prevention

To prevent Atomic Stealer infections:

  • Keep your operating system and software up-to-date with the latest security patches.
  • Be cautious when downloading software and only use official sources.
  • Use a Gridinsoft Anti-Malware and keep it updated.
  • Avoid clicking on suspicious links or ads, especially on websites offering software downloads.
  • Regularly back up your data and store backups in a secure location.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware