Hundreds Targeted in New Atomic macOS Stealer Campaign

Posted on By CWS

CrowdStrike warns of a spike in assaults aimed toward infecting macOS customers with a variant of the notorious Atomic macOS Stealer (AMOS) data stealer.

Between June and August, the cybercrime group Cookie Spider, which operates the AMOS malware-as-a-service (MaaS) enterprise, used malvertising to direct victims to fraudulent assist web sites and trick them into putting in the malware.

The marketing campaign, CrowdStrike says, focused customers who have been trying to find options to frequent macOS points, and relied on selling fraudulent commercials for web sites the place victims have been instructed to execute a malicious command on their techniques.

The command would fetch a Bash script from a distant server, to seize the sufferer’s password and obtain an executable from one other distant location.

Dubbed SHAMOS, the payload is a variant of AMOS that accommodates anti-VM checks to forestall execution in a sandboxed setting, and which might carry out reconnaissance and information assortment duties.

The malware searches the system for recordsdata that comprise credentials, information from Keychain, AppleNotes, browsers, and identified cryptocurrency wallets, and makes an attempt to exfiltrate them to a distant server, packed in a ZIP archive.

Moreover, SHAMOS can obtain and execute payloads, together with a botnet module and a faux Ledger Reside pockets software.

The malvertising marketing campaign focused customers in Canada, China, Colombia, Italy, Japan, Mexico, the US, the UK, and different international locations, however was not served to Russian customers.Commercial. Scroll to proceed studying.

CrowdStrike’s investigation revealed that the cybercriminals probably impersonated a reliable Australia-based electronics retailer of their Google Promoting profile.

“This marketing campaign underscores the recognition of malicious one-line set up instructions amongst eCrime actors. This method permits them to bypass Gatekeeper safety checks and set up the Mach-O executable immediately onto sufferer gadgets,” CrowdStrike notes.

Associated: Homebrew macOS Customers Focused With Info Stealer Malware

Associated: Excessive-Worth NPM Builders Compromised in New Phishing Marketing campaign

Associated: North Korean Hackers Goal macOS Customers

Associated: Digium Telephones Focused in Cybercrime Marketing campaign Geared toward VoIP Methods

Security Week News Tags:, , , , ,

Related Posts

Armenian Man Extradited to US Over Ryuk Ransomware Attacks Security Week News
Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users Security Week News
Mycroft Raises $3.5 Million for AI-Powered Security and Compliance Platform Security Week News
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak Security Week News
US Government Is Investigating Messages Impersonating Trump’s Chief of Staff, Susie Wiles Security Week News
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact Security Week News