New Variant of AMOS Stealer Targets macOS Users

A new variant of the AMOS (Atomic) Stealer malware has recently emerged, posing a significant threat to macOS users. Bitdefender’s analysis sheds light on this alarming development, revealing the malware’s sophisticated techniques and implications for both individual users and organizations.


The AMOS Stealer: A Growing Threat

The AMOS Stealer, first documented in early 2023, has rapidly become one of the most prevalent threats to macOS users. This new variant employs a combination of Python and AppleScript code to execute its malicious activities discreetly.

Data Theft and Malicious Tactics

By dropping a Python script onto the victim’s disk, the malware can gather a wide range of sensitive data, including:

  • Files associated with crypto-wallet extensions
  • Browser data (passwords, cookies, login data, etc.)
  • Files from Desktop and Documents directories
  • Hardware-related and system information
  • The password of the local user account

One of the most cunning tactics employed by this malware is displaying a fake dialog that impersonates the operating system. Under the guise of a system update, it prompts users for their local account password. If entered, this password is captured and utilized for further malicious activities.

Similarities with RustDoor Backdoor

Bitdefender’s analysis of the AMOS Stealer’s code revealed significant similarities with the RustDoor backdoor. This convergence of tactics among different malware families underscores the growing sophistication of cyber threats.

Small Disk Image Files: A Stealthy Approach

The AMOS Stealer spreads through disk image files that are surprisingly small, making them less likely to raise suspicion. These files contain a FAT binary with Mach-O files for both Intel and ARM architectures, acting as a dropper for the Python script.
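For triage of a binary pulled out of a suspicious disk image, the sketch below parses the fat (universal) header and reports whether it carries valid Mach-O slices for both Intel and ARM, the layout described above. It is an added example, not code from Bitdefender's analysis; the function names, the `MAX_SLICES` heuristic and the sample bytes are constructed for illustration.

```python
import struct

# Values from Apple's <mach-o/fat.h> and <mach/machine.h>.
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # fat header is big-endian on disk
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
MACHO_MAGICS = {b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe"}  # 64-bit / 32-bit thin Mach-O
MAX_SLICES = 16  # heuristic chosen for this example: Java .class files share
                 # 0xCAFEBABE, and their next word (class version) reads as >= 45


def fat_slices(data: bytes):
    """Return [(arch, offset, size, is_macho)] per slice, or [] if not a fat binary."""
    if len(data) < 8:
        return []
    magic, count = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64) or not 0 < count <= MAX_SLICES:
        return []
    # fat_arch: cputype, cpusubtype, offset, size, align (fat_arch_64 widens
    # offset/size to 64 bits and appends a reserved word).
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    step = struct.calcsize(fmt)
    if 8 + count * step > len(data):
        return []  # truncated architecture table
    out = []
    for i in range(count):
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, 8 + i * step)[:4]
        in_bounds = offset + size <= len(data)
        is_macho = in_bounds and data[offset:offset + 4] in MACHO_MAGICS
        out.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size, is_macho))
    return out


def is_intel_arm_universal(data: bytes) -> bool:
    """True when valid Mach-O slices exist for both x86_64 and arm64."""
    valid = {arch for arch, _, _, ok in fat_slices(data) if ok}
    return {"x86_64", "arm64"} <= valid


def build_sample() -> bytes:
    """Constructed input: a fat header plus two 32-byte stub slices (magic + padding)."""
    stub = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    table = struct.pack(">IIIII", 0x01000007, 3, 48, 32, 0)
    table += struct.pack(">IIIII", 0x0100000C, 0, 80, 32, 0)
    return struct.pack(">II", FAT_MAGIC, 2) + table + stub + stub


if __name__ == "__main__":
    for row in fat_slices(build_sample()):
        print(row)
```

A dual-architecture result is normal for legitimate macOS software, so it is only one triage signal to weigh alongside the image's size, origin and signing status.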

In summary, macOS users must remain vigilant and take necessary precautions to protect their sensitive information from this evolving threat.


Please note that this article is for informational purposes only, and users should follow best practices for cybersecurity to safeguard their systems.

Reviewed by Tech Ugly on Monday, March 04, 2024