January 11, 2024 at 09:00AM
Cybersecurity researchers have found an enhanced version of the macOS information stealer, Atomic (AMOS), with updated capabilities, including payload encryption to bypass detection rules. Its cost has risen to $3,000/month with a festive promotion. Malvertising campaigns impersonating Slack and TradingView are used to distribute the malware. Caution is advised when downloading software.
Based on the meeting notes, the key takeaways are:
– The macOS information stealer “Atomic Stealer” has been updated, with its developers introducing payload encryption to bypass detection rules around mid to late December 2023.
– The malware is now being sold for a rental fee of $3,000/month, with a discount offered during Christmas at $2,000.
– The distribution campaigns for Atomic Stealer have shifted, using Google search ads impersonating Slack to deploy the malware, and a malvertising campaign leveraged a fraudulent site for the TradingView charting platform to deliver the malware.
– The new version prompts the victim to enter their system password, allowing threat actors to gather sensitive access-restricted information, and utilizes obfuscation to conceal the command-and-control server that receives the stolen information.
– It is highlighted that users should download software from trusted locations to avoid falling victim to malicious ads and decoy sites.
These are the clear takeaways from the meeting notes regarding the updated version of Atomic Stealer and the associated malvertising and cyber attacks.