Atomic malware steals Mac passwords, crypto wallets, and more

Atomic malware steals Mac passwords, crypto wallets, and more

Hot on the heels of MacStealer and the development of a version of the notorious Lockbit ransomware for Macs comes another malware threat for Apple fans.

Security researchers at Cyble are warning that cybercriminals have developed a new malware threat which can steal highly sensitive data from the Mac computers it infects.

The malware, named Atomic Stealer by researchers, can a steal a wide variety of information from compromised Macs:

  • keychain passwords
  • system information
  • files from the Desktop and Documents folders
  • the computer’s password
  • web browser auto-fills, passwords, cookies, and payment card information

In addition, Cyble’s team says that Atomic Stealer can “target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.”

Clearly, any information which could lead to a investor’s cryptocurrency wallet being compromised could lead to significant financial losses.

Sign up to our free newsletter.
Security news, advice, and tips.

The group behind Atomic Stealer has been advertising the capabilities of the malware on a Telegram channel, and also selling for $1000-per-month access to a a suite of web-based features including a command-and-control dashboard of infected devices, and tools to brute force access to the popular MetaMask cryptocurrency wallet.

Telegram ad
Hackers promote the capabilities of Atomic Stealer on Telegram.

Mac users are advised to always take care about where they choose to source their software – avoiding pirated software and cracks. Downloading from a trusted software developer’s website or using the official Mac App Store is generally a much safer choice.

Atomic Stealer is one of the latest examples of malware being written using Golang (Go), which has proven increasingly popular amongst financially-motivated cybercriminals, and in particular those who wish to easily use the same code to build threats for Windows, macOS, and Linux.

For more information check out the technical blog post by Cyble.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.