A new macOS malware being sold on Telegram is capable of extracting autofill information, passwords, wallets, and more — but it’s easy to avoid. Here’s how.
While Mac users don’t often need to worry about malware as much as Windows users do, there are still malicious actors who target macOS. First spotted by Cyble Research, the Atomic macOS Stealer (AMOS) is a highly effective program designed to extract a wide range of information from a victim’s computer.
Data that can be stolen by AMOS includes passwords saved in the Keychain, system details, files from the desktop and documents folder, and even the macOS user password.
It is specifically tailored to target popular browsers like Firefox and Chrome. From browsers, it can effortlessly extract autofills, passwords, cookies, wallets, and credit card information.
Furthermore, it can target some of the most popular cryptowallets, such as Electrum, Binance, Exodus, Atomic, and Coinomi.
There is a web panel that comes with AMOS, which makes it simple to handle malware targets, in addition to tools for brute-forcing private keys. AMOS is currently being sold on Telegram for a monthly fee of $1,000.
How to protect yourself from AMOS
The malware requires users to install a .dmg file on their machines, and authenticate the installation with a user password with a fake system dialog box following installation. Once installed, it scans for sensitive information, which it purloins with the system password if it needs to, and sends it to a remote server.
So, as usual, common sense applies. Mac users can avoid AMOS by installing software from the Mac App Store, and avoiding installing files from unverified sources including links sent via email from questionable or unverifiable sources.
Amber worked at MacNN and Electronista from 2015 until 2017, reviewing software, apps, games, and tech accessories. In 2019, she signed up with AppleInsider, where she covers all things Apple, with a focus on tech reviews, Apple TV+ developments, and environmental concerns surrounding big tech.