How to stay protected against AMOS and other malwareĬyble also shared a reminder about best practices when it comes to installing apps and broader security habits. Here is the threat actor pitching the malware on Telegram:Īfter the malware compromises a user’s information, it compresses the data into a ZIP file and sends it back to the malicious party through a C&C server URL.Ĭyble has a detailed breakdown of how the malware works in its post here. The malicious party selling the malware as a service also includes a web panel, Brute MetaMask tool, logs in Telegram with notifications, and more to buyers. It can also compromise crypto wallets including Atomic, Binance, Exodus, Electrum, MetaMask, and many more. If installed, AMOS can compromise a long list of items including iCloud Keychain passwords the macOS system password cookies, passwords, and credit card details from Chrome, Firefox, Brave, Edge, Opera, and more. Notably, Cyble didn’t mention macOS Gatekeeper as offering protection for the new AMOS in its technical analysis, so it could prove more dangerous than MacStealer. The threat actor marketing it is regularly updating the malware and is charging $1,000/month for it. With the MacStealer malware that we saw in March, it indeed was powerful but is likely a lower risk overall because macOS Gatekeeper should block it from being installed.Ĭyble Research & Intelligence Labs (via MacRumors) recently found the new Atomic macOS Stealer (AMOS) malware as it was advertised for sale on Telegram. But even though it’s more likely to affect Windows and Linux, threat actors are actively designing malware specifically for macOS and it’s important to stay diligent. In the latter, results showed just 6% of all malware impacted Macs. This year we’ve seen a report from Malwarebytes covering the state of malware on Mac as well as another study from Elastic Security Labs. Now a new malware called Atomic macOS Stealer is being sold as a service to malicious parties that may be more threatening. See Open an app by overriding security settings.Back in March, we saw a piece of malware surface for macOS called MacStealer that’s able to compromise iCloud Keychain passwords, credit card information, files, and more. An alert appears when you first try to open these files. Of course, not all files like this are unsafe, but you should exercise caution when opening any such downloaded file. Scripts, web archives, and Java archives have the potential to cause harm to your system. In addition to apps, other types of files may not be safe. macOS checks the app before it opens the first time to be certain it hasn’t been modified since the developer shipped it. If problems occur with an app, Apple can revoke its authorization. Identified developers are registered with Apple and can optionally upload their apps to Apple for a security check. If there’s ever a problem with an app, Apple removes it from the Mac App Store.Īpp Store and identified developers: Allows apps from the Mac App Store and apps from identified developers. All the developers of apps in the Mac App Store are identified by Apple, and each app is reviewed before it’s accepted. Go to Security, click the pop-up menu next to “Allow applications downloaded from,” then choose the sources from which you’ll allow software to be installed:Īpp Store: Allows apps only from the Mac App Store. On your Mac, choose Apple menu > System Settings, then click Privacy & Security in the sidebar. Get started with accessibility features. ![]() ![]() Use Sign in with Apple for apps and websites.Watch and listen together with SharePlay.Share and collaborate on files and folders.Sync music, books, and more between devices.Make and receive phone calls on your Mac.Use one keyboard and mouse to control Mac and iPad.Use Live Text to interact with text in a photo.Make text and other items on the screen bigger.Install and reinstall apps from the App Store.
0 Comments
Leave a Reply. |