Malware Stealing information from Apple’s Keychain

For a subscription of $1000 per month, hackers can buy Malware-as-a-Service via a Telegram channel; the malware attacks Apple’s Keychain password security on macOS.

Once deployed, the malware, called Atomic or AMOS, attempts to steal and exfiltrate a range of information from macOS machines, including passwords, cookies, crypto-wallets, browsers etc.

New Atomic macOS info-stealing malware targets 50 crypto wallets (bleepingcomputer.com)

As a “bonus”, the subscription includes tools that make it easier for a less skilled hacker to exploit and monetise the hack, including an easy-to-use web-based interface to manage their victims.

One hope for a potential victim is that during the initial infection process the malware has to ask for permission to access the Desktop and Documents folders. If you see such activity and it is unexpected, I suggest you stop the install and get someone to check your system.
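The Desktop and Documents permission decisions mentioned above are recorded by macOS in its TCC database, so whoever checks the system can list which apps were granted that access. The sketch below is an added example, not code from the original article. It assumes the `access` table layout (`service`, `client`, `auth_value`) used by recent macOS versions, and the bundle identifiers and rows are constructed sample data.

```python
import sqlite3

# TCC service names macOS uses for the Desktop and Documents folder prompts.
FOLDER_SERVICES = (
    "kTCCServiceSystemPolicyDesktopFolder",
    "kTCCServiceSystemPolicyDocumentsFolder",
)
AUTH_ALLOWED = 2  # assumed schema: auth_value 2 = allowed, 0 = denied


def folder_grants(conn, expected_clients):
    """Return (client, service, allowed, expected) for every folder decision."""
    marks = ",".join("?" * len(FOLDER_SERVICES))
    rows = conn.execute(
        f"SELECT client, service, auth_value FROM access "
        f"WHERE service IN ({marks}) ORDER BY client, service",
        FOLDER_SERVICES,
    ).fetchall()
    return [(c, s, v == AUTH_ALLOWED, c in expected_clients) for c, s, v in rows]


def unexpected_allowed(conn, expected_clients):
    """Clients that hold folder access but are not on the expected list."""
    return sorted({c for c, _, allowed, known in folder_grants(conn, expected_clients)
                   if allowed and not known})


def build_sample_db():
    """Constructed stand-in for TCC.db holding only the columns read above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, auth_value INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", [
        ("kTCCServiceSystemPolicyDesktopFolder", "com.example.editor", 2),
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.example.editor", 2),
        ("kTCCServiceSystemPolicyDesktopFolder", "com.example.unknown-installer", 2),
        ("kTCCServiceSystemPolicyDocumentsFolder", "com.example.unknown-installer", 0),
        ("kTCCServiceCamera", "com.example.unknown-installer", 2),
    ])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for client in unexpected_allowed(db, {"com.example.editor"}):
        print("review:", client)
```

On a real Mac the per-user database is `~/Library/Application Support/com.apple.TCC/TCC.db`, and the terminal needs Full Disk Access to open it with `sqlite3.connect`.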

Clive Catton MSc (Cyber Security) – by-line and other articles