Bitcoin Forum
Author Topic: Atomic Stealer - Mac OS malware that targets crypto wallets  (Read 134 times)
Jating (OP)
Hero Member
Activity: 2912
Merit: 805
April 01, 2024, 12:42:13 PM
Merited by 1miau (4), vapourminer (1), goldkingcoiner (1), Porfirii (1), Dave1 (1)
 #1

We have been talking about using Mac OS or even Unix-flavored systems for our crypto activities because using Windows-based ones is very dangerous, as malware can easily spread with this OS. However, recently, there was an info-stealer, known as Atomic Stealer.

So the threat actor leveraged everything when someone searches for
Code:
Arc Browser

And then it will redirect them to a fake site
Code:
airci[.]net

It will ask you to download the installer,
Code:
ArcSetup.dmg
that contains the Atomic Stealer.

Other supported actions of the stealer include:

  • collection of usernames and passwords from browser login data
  • the ability to pull credit card details
  • stealing data from a list of installed crypto wallets, among which are Ledger and Trezor

Although Ledger has blocked it, we are still not sure what the extent of this malware is, as it could target a lot of crypto wallets.

So again, we are not really safe in the world that we live in. Hackers and criminals are evolving to author malware that will target any OS today and in the future.
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
Porfirii
Legendary
Activity: 1778
Merit: 2052
The Alliance Of Bitcointalk Translators - ENG>SPA
April 01, 2024, 01:39:58 PM
 #2

<...>

Wow! Thanks for the interesting news, Jating.

You're right, we usually think that by using an OS different from Windows we are almost invulnerable, but every day is a zero day now.

About infecting Ledger and Trezor apps, as long as the key is not there, there is no risk of losing funds, unless you connect the device, isn't it?

BitMaxz
Legendary
Activity: 3234
Merit: 2955
Block halving is coming.
April 01, 2024, 01:50:37 PM
 #3

That is why we must avoid clicking on links from Google or Bing Ads because most ads these days are phishing crypto sites that can steal your wallet funds not only on MacOS but also on other devices such as phones and Windows OS. Even if you are a Linux user, if you are unfamiliar with phishing sites, you may fall victim to this trap.

I always use a VPN to block all these ads. I also use uBlock and Antivirus to protect my PC from virus and malware attacks. Also, whenever I visit a legitimate website, I double or triple check the URL I type before I proceed to do anything on the site.
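
The URL double-check described in the post above, applied to the fake site named in the opening post, as an added example that is not part of the thread. The trusted list is an assumption for illustration (including `arc.net` as the vendor's domain, which the thread does not state), and edit distance is only a heuristic that will not catch every lookalike.

```python
# Added example: flag hostnames that resemble, but do not match, a trusted domain.
import re

# Assumption: this allowlist is maintained by the reader; "arc.net" is assumed
# to be the vendor's domain and is not taken from the thread.
TRUSTED = {"arc.net", "ledger.com", "trezor.io"}


def normalise(host: str) -> str:
    """Lower-case, undo '[.]' defanging, drop scheme, path, port and 'www.'."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host).split("/")[0].split(":")[0]
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    h = normalise(host)
    # Exact match or a genuine subdomain of a trusted domain.
    if h in TRUSTED or any(h.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Close to a trusted domain without matching it: treat as suspicious.
    for t in sorted(TRUSTED):
        if edit_distance(h, t) <= max_distance:
            return f"lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs; the first is the defanged domain from post #1.
    for sample in ("airci[.]net", "https://www.ledger.com/start", "example.org"):
        print(sample, "->", classify(sample))
```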

Bitcoin_Arena
Copper Member
Legendary
Activity: 2016
Merit: 1786
฿itcoin for all, All for ฿itcoin.
April 01, 2024, 10:44:36 PM
 #4

Like they always say, “No system is 100% secure.” The hackers are smart, and they know that people “trust” macOS and Linux more than Windows and Android, and so will look for a way of creating malware for such operating systems too.
It's a very bad security practice to completely let one's guard down just because they think they are using a purported secure operating system.

That being said, uBlock Origin has really done me a huge service to block all those unnecessary ads from my browsing results.

PX-Z
Hero Member
Activity: 1428
Merit: 836
April 01, 2024, 11:10:34 PM
 #5

Quote from: Porfirii
About infecting Ledger and Trezor apps, as long as the key is not there, there is no risk of losing funds, unless you connect the device, isn't it?

There is no information about this on how Atomic Stealer can steal those data from these HW. But I'm guessing it's only possible in the installed software like Ledger Live and Trezor Suite, since there's no way that hardware can be infected with malware.

Quote from: Bitcoin_Arena
That being said, uBlock Origin has really done me a huge service to block all those unnecessary ads from my browsing results.

The same thing here, although I'm always checking things in the Google search page and making sure that I didn't click a sponsored ad at the top.

Dave1
Hero Member
Activity: 1288
Merit: 522
April 02, 2024, 02:16:48 AM
Merited by vapourminer (1), Jating (1)
 #6

Quote from: Bitcoin_Arena
Like they always say, “No system is 100% secure.” The hackers are smart, and they know that people “trust” macOS and Linux more than Windows and Android, and so will look for a way of creating malware for such operating systems too.
It's a very bad security practice to completely let one's guard down just because they think they are using a purported secure operating system.

Right, it seems that they are one step of the game, although the majority of us here remain vigilant or at least learn our lessons and educate ourselves, but there are moments wherein there could be mental lapses and so we might see ourselves trapped and falling for these scams.

Quote from: Bitcoin_Arena
That being said, uBlock Origin has really done me a huge service to block all those unnecessary ads from my browsing results.

One of the best, and there is also MetaMask blocking known scam sites and they are very quick at updating their list. In this case, since this website is not secure, it is automatically blocked by our browsers already.

btc_angela
Hero Member
Activity: 2590
Merit: 542
April 02, 2024, 11:43:36 AM
Merited by vapourminer (1)
 #7

Quote from: BitMaxz
That is why we must avoid clicking on links from Google or Bing Ads because most ads these days are phishing crypto sites that can steal your wallet funds not only on MacOS but also on other devices such as phones and Windows OS. Even if you are a Linux user, if you are unfamiliar with phishing sites, you may fall victim to this trap.

Yes, but I think the post is about MacOS and its supposed security strength. But now hackers were able to break it as well and use sort of the normal attack of downloading an installer, and MacOS can't detect whether it has malware or not.

Quote from: BitMaxz
I always use a VPN to block all these ads. I also use uBlock and Antivirus to protect my PC from virus and malware attacks. Also, whenever I visit a legitimate website, I double or triple check the URL I type before I proceed to do anything on the site.

Antivirus should be updated, but I don't think that it can really detect everything. Our best weapon is education and awareness, practicing safety and security. Like knowing the current attack vector, like this one.

Yamane_Keto
Sr. Member
Activity: 462
Merit: 486
April 02, 2024, 12:09:15 PM
Merited by vapourminer (1)
 #8


Quote from: Jating
  • collection of usernames and passwords from browser login data
  • the ability to pull credit card details
  • stealing data from a list of installed crypto wallets, among which are Ledger and Trezor

This is another reason not to use the browser to remember sensitive data; it is better to encrypt passwords in a file or use an open source password manager.

Quote from: PX-Z
There is no information about this on how Atomic Stealer can steal those data from these HW. But I'm guessing it's only possible in the installed software like Ledger Live and Trezor Suite, since there's no way that hardware can be infected with malware.

I think the report means Ledger and Trezor Extension, and since a fake version of the web browser was downloaded, all the extensions in it will inevitably be unsafe.

dkbit98
Legendary
Activity: 2226
Merit: 7093
April 02, 2024, 06:08:55 PM
 #9

I see this Atomic Stealer malware is spreading over ads, that is most likely going to be g00gle ads, so I suggest using a good adblocker like uBlock Origin, or having DNS-based ad blocking.
I have no idea how so many people are able to use the internet with all those ads; not only are they a big distraction, but they can be dangerous.

Uhwuchukwu53
Member
Activity: 182
Merit: 25
April 03, 2024, 03:02:41 PM
 #10

Quote from: Bitcoin_Arena
Like they always say, “No system is 100% secure.” The hackers are smart, and they know that people “trust” macOS and Linux more than Windows and Android, and so will look for a way of creating malware for such operating systems too.
It's a very bad security practice to completely let one's guard down just because they think they are using a purported secure operating system.

That being said, uBlock Origin has really done me a huge service to block all those unnecessary ads from my browsing results.

Reality is not far from your statement; what baffled me is how they strategize to ensure they achieve their aim. One must always apply caution and also improve in safety, as the hackers or scammers are not limiting themselves in strategizing, so users of the items liable to hacks should increase their knowledge to avoid becoming victims.

I know it is not easy, as there remain some lapses that may occur most times, but smartness is very important, and avoiding many unknown apps or those that act as viruses interrupting a download can help, because some scammers use those apps to trap people's details that help them. Another important area is that unknown exchanges requiring your KYC should be avoided for the hackers' or scammers' sake.
