Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware called Atomic macOS Stealer (AMOS). The malware is specifically designed to target macOS and can steal sensitive information from the victim's machine. The threat actor (TA) behind this stealer is constantly improving this malware and adding new capabilities to make it more effective. The most recent update to the malware was highlighted in the Telegram post on April 25th, showcasing its latest features.

The Atomic macOS Stealer can steal various types of information from the victim's machine, including keychain passwords, complete system information, files from the Desktop and Documents folders, and even the macOS password. The stealer is designed to target multiple browsers and can extract auto-fills, passwords, cookies, wallets, and credit card information. Specifically, AMOS can target crypto wallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

The TA also provides additional services such as a web panel for managing victims, MetaMask brute-forcing for stealing seed phrases and private keys, a crypto checker, and a DMG installer, after which it shares the logs via Telegram. These services are offered at a price of $1000 per month.

Figure 1 – Telegram Post by Malware Developer

For our analysis, we have taken the sample hash (SHA256) of "Setup.dmg" as 15f39e53a2b4fa01f2c39ad29c7fe4c2fef6f24eff6fa46b8e77add58e7ac709, which is FUD (stands for "Fully Undetectable") on VirusTotal at the time of writing this analysis.