Google Ads Infected with Infostealer: New Campaign Preys on Crypto Investors Funds

Don't agree to an interview if you don't want to lose your cryptocurrency.

Jamf Threat Labs discovered a new wave of attacks using malicious ads and fake websites on Apple macOS users in order to steal confidential data.

One of the attack variants is aimed at users who search for the Arc Browser in Google. Ads redirect victims to visually similar malicious sites that distribute the Atomic Stealer infostealer.

It is noteworthy that access to a malicious site is possible only through a specially generated link, presumably to avoid detection. A disk image file downloaded from a fake site installs Atomic Stealer, which requires entering the user's system password through a fake request window.

In addition, a fake website was discovered that offers a program for scheduling group meetings, which actually installs another infostealer capable of collecting user keychain data, stored credentials in web browsers, and information from cryptocurrency wallets. The malware also asks the user for a password to log in to macOS by calling AppleScript to perform its malicious actions.
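Both stealers described above obtain the user's macOS password by showing a fake prompt, and the second one does so through AppleScript. As an added defender-side illustration (not code from the Jamf report or from any product), the following Python check flags the AppleScript masked-input dialog pattern in process command lines; the sample lines are constructed, and the mounted-image/temp-path heuristic is my own assumption.

```python
import re

# Constructed sample of process command lines (not real telemetry); the shape
# mimics `ps -eo pid,command` output or an EDR process-start event.
SAMPLE_PROCESS_LINES = [
    "501 /usr/bin/osascript -e 'display dialog \"macOS needs your password to continue\" "
    "default answer \"\" with hidden answer with icon caution'",
    "502 /usr/bin/osascript -e 'display notification \"Backup finished\" with title \"Time Machine\"'",
    "503 /Applications/Safari.app/Contents/MacOS/Safari",
    "504 /usr/bin/osascript /Volumes/Installer/.hidden/prompt.scpt",
]

# AppleScript's `display dialog ... default answer "" with hidden answer` renders a
# masked text field, which is how a script can imitate a system password prompt.
HIDDEN_ANSWER_RE = re.compile(
    r"display\s+dialog.*?default\s+answer.*?with\s+hidden\s+answer",
    re.IGNORECASE | re.DOTALL,
)
# Heuristic (my assumption, not from the report): osascript executing a script
# file from a mounted disk image or a temp directory rather than via -e.
UNTRUSTED_SCRIPT_PATH_RE = re.compile(r"osascript\s+(/Volumes/|/tmp/|/private/tmp/)\S*")


def classify(cmd):
    """Return a reason string if the command line looks like a spoofed password
    prompt or an osascript run from an untrusted path, else None."""
    if "osascript" not in cmd:
        return None
    if HIDDEN_ANSWER_RE.search(cmd):
        return "hidden-answer dialog (possible fake password prompt)"
    if UNTRUSTED_SCRIPT_PATH_RE.search(cmd):
        return "osascript loading script from mounted image or temp dir"
    return None


def scan(lines):
    """Map each flagged pid to its reason; benign lines are dropped."""
    hits = {}
    for line in lines:
        pid, _, cmd = line.partition(" ")
        reason = classify(cmd)
        if reason:
            hits[int(pid)] = reason
    return hits


if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_PROCESS_LINES).items():
        print(f"pid {pid}: {reason}")
```

Legitimate admin scripts also use hidden-answer dialogs, so treat a hit as a triage lead to correlate with the parent process and the originating download, not as a verdict on its own.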

Malware attacks were carried out on victims under the pretext of discussing employment opportunities and interviewing them for a podcast, after which they were asked to download an app from the site to join a video conference. Infostealer attacks often target crypto industry professionals because of their large wallet balances.

This infostealer partially overlaps with another stealer, Realst, which was distributed through fake blockchain games and targeted Windows and macOS users.

The findings suggest that threats to macOS environments are growing, including advanced anti-virtualization techniques and detection evasion mechanisms. Recall that recently, Bitdefender specialists discovered a new version of AMOS Stealer (Atomic Stealer), one of the most common cyber threats for macOS users over the past year. At the moment, this new variant goes practically undetected by antivirus products.