KeyChain Password-Stealing Malware for macOS Being Sold on Telegram

Newly discovered malware designed specifically to infiltrate macOS devices has been found advertised on a Telegram channel for $1,000 per month. The malware, called Atomic macOS Stealer (AMOS), can extract sensitive data, including passwords and files, from a target Mac. According to reports, AMOS can access passwords saved in the keychain, system information, files stored in the Desktop and Documents folders, and passwords stored in Chrome and Firefox autofill features, including credit card information and wallets.

The creators of the malware have been consistently updating and enhancing it with additional features, and it can be purchased with a panel feature intended to assist in managing targets. Additionally, it comes with tools to brute-force private keys.

AMOS is launched by clicking on a .dmg file. Once installed, it immediately begins extracting sensitive information and transferring it to a remote server. To obtain the system password, the malware displays a phony system prompt. The malware's latest update was reported on April 25th.

The discovery of this malware highlights the need for increased caution and vigilance in cybersecurity practices. It is critical to avoid clicking on unfamiliar links and downloading suspicious files, and to use strong passwords and reputable antivirus software. The severity of the consequences of a cybersecurity breach, including the potential loss of sensitive information, underscores the importance of maintaining secure digital practices.
