Atomic malware steals Mac passwords, crypto wallets, and more

Atomic malware steals Mac passwords, crypto wallets, and more

Hot on the heels of MacStealer and the development of a version of the notorious Lockbit ransomware for Macs comes another malware threat for Apple fans.

Security researchers at Cyble are warning that cybercriminals have developed a new malware threat which can steal highly sensitive data from the Mac computers it infects.

The malware, named Atomic Stealer by researchers, can a steal a wide variety of information from compromised Macs:

  • keychain passwords
  • system information
  • files from the Desktop and Documents folders
  • the computer’s password
  • web browser auto-fills, passwords, cookies, and payment card information

In addition, Cyble’s team says that Atomic Stealer can “target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.”

Clearly, any information which could lead to a investor’s cryptocurrency wallet being compromised could lead to significant financial losses.

Sign up to our free newsletter.
Security news, advice, and tips.

The group behind Atomic Stealer has been advertising the capabilities of the malware on a Telegram channel, and also selling for $1000-per-month access to a a suite of web-based features including a command-and-control dashboard of infected devices, and tools to brute force access to the popular MetaMask cryptocurrency wallet.

Telegram ad
Hackers promote the capabilities of Atomic Stealer on Telegram.

Mac users are advised to always take care about where they choose to source their software – avoiding pirated software and cracks. Downloading from a trusted software developer’s website or using the official Mac App Store is generally a much safer choice.

Atomic Stealer is one of the latest examples of malware being written using Golang (Go), which has proven increasingly popular amongst financially-motivated cybercriminals, and in particular those who wish to easily use the same code to build threats for Windows, macOS, and Linux.

For more information check out the technical blog post by Cyble.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.