New Mac malware targets passwords, personal files, and crypto-wallets.

New Mac malware targets passwords, personal files, crypto wallets

[{"selector":"#anim-94814ab8-b1f5-4176-ab04-1f305c305633","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2981d27c-eb6c-4271-8389-fb143fc5b620","keyframes":{"transform":["translate3d(0px, 172.66920%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

In a recent report, Cyble Research and Intelligence Labs (CRIL) claimed that hackers had developed new malware that targets macOS

[{"selector":"#anim-149a73ba-b4a5-439e-bc43-754a96da5954","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-417b8368-a6c2-4332-9575-30702960a998","keyframes":{"transform":["translate3d(0px, 121.74262%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

and steals vital, private data, including keychain and macOS user account passwords, system data

[{"selector":"#anim-c56a62c8-1aa8-4498-8763-1c2cd0981a91","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-24ae38ea-d4bd-4adf-a24e-c543369c7598","keyframes":{"transform":["translate3d(0px, 132.94000%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

and files in the Desktop and Documents folder.

[{"selector":"#anim-8b216378-bea6-4c67-af4a-4a2bef11c320","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f4ab9c62-bac2-4d4a-9e9f-e90064d0e49f","keyframes":{"transform":["translate3d(0px, 246.26591%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

The malware, known as Atomic macOS Stealer (AMOS), targets browsers as well

[{"selector":"#anim-de06be73-8515-4974-8300-67953342ee90","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ad1c3c56-2863-4605-831c-1518fb4018c0","keyframes":{"transform":["translate3d(0px, 160.26138%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

and searches for data such as user names, passwords, credit card details, cookies, and more

[{"selector":"#anim-7cf97165-9d88-473b-99dd-4562ec674bd5","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-fbf119ac-3cea-4be1-a003-d949a27e1727","keyframes":{"transform":["translate3d(0px, 132.94000%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Additionally, according to CRIL's research, AMOS targets cryptocurrency wallets made by Atomic, Binance, Coinomi, Electrum, Exodus, and others.

[{"selector":"#anim-2cdb85f4-cebe-40f6-b17b-948b695b817c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-482d021d-324f-4a89-85fb-3f2407b1ea3c","keyframes":{"transform":["translate3d(0px, 121.74262%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

Unsigned disc image files (.dmg), which are frequently downloaded while installing new software, are how AMOS is disseminated.

[{"selector":"#anim-2dc12b2f-039a-40ba-85ae-0126a9e8191f","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c096ca7a-a68d-406e-a1ca-5042fbd0797e","keyframes":{"transform":["translate3d(0px, 112.39010%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

The user is prompted for their Mac's user password when they open the.dmg file, which launches the virus.

[{"selector":"#anim-20603518-25eb-406b-a1d6-ba29d0c0267f","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-dda53ff2-bce5-4e2d-be3e-99fd5222610c","keyframes":{"transform":["translate3d(0px, 141.78960%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]