Apple users’ passwords, banking details can be stolen with malware sold on Telegram

Apple hacking malware that allows hackers to steal passwords, banking details, autofill information is being sold on Telegram. As per a report by Cyble Research and Intelligence Labs (CRIL), threat actors are selling a malware called Atomic macOS Stealer (AMOS) on messaging platform Telegram that can attack Apple users. The malware can target Apple macOS users. The new stealer malware is being advertised by the Telegram channel.

Moreover, the report said that the hacker behind this stealer is constantly improving this malware and adding new capabilities to make it more effective. The malware's most recent update was seen in a Telegram post on April 25, highlighting its latest features.

According to the report, the Atomic macOS Stealer can steal various types of information from the victim's machine, including keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

In addition, the malware is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

The threat actor also offers additional services such as a web panel for managing victims, meta mask brute-forcing to steal seed and private keys, a crypto checker, and a dmg installer, after which the logs are shared via Telegram.

These services are available for $1,000 per month.

However, the report mentioned that macOS users can protect their systems from AMOS malware by installing a .dmg file on their machines.

After installing, users will need to authenticate the installation with a user password with a fake system dialog box following installation.

Once installed, it will scan for sensitive information, which it will steal with the system password if necessary, and send to a remote server. (with inputs from IANS)