This year we’ve seen the launch of a powerful new piece of malware called Atomic macOS Stealer (AMOS) that specifically targets Apple users. Now, in the latest development, AMOS has been found in malicious ads on Google searches. Here’s how to avoid this threat and help others do the same.
The latest instance of the Atomic macOS Stealer was spotted by researchers at Malwarebytes in what is considered a “malvertising campaign.”
Malwarebytes notes that the majority of these recent malicious campaigns have targeted Windows, but the new Atomic Stealer stands out as being able to target both Windows and Mac.
As a quick refresher, once a Mac is infected with AMOS, it can steal iCloud Keychain passwords, credit card information, files, crypto wallets, and more (read more details in our previous coverage).
Here’s how the new malvertising campaign works to compromise Macs:
- Malicious ads for Google searches target Mac users
- Phishing sites trick victims into downloading what they believe is the app they want
- The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple
- The payload is a new version of the recent Atomic Stealer for OSX (macOS)
To get around Google’s ad quality checks, Malwarebytes believes threat actors are using compromised ad accounts to buy the ads that lead to phishing sites.
For a detailed look at the mechanics of this malvertising campaign, check out the full post from Malwarebytes.
How to protect against Atomic macOS Stealer
The good news is this specific attack is very preventable…
- Don’t download software from untrusted or unknown sources
- Be wary if an app asks you to bypass macOS Gatekeeper protections
- If you do want to download an app outside Apple’s Mac App Store, check when the website was created
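The campaign described above relies on an ad-hoc signed app. As an added example (not from Malwarebytes or the original article), this shell script classifies the output of `codesign -dv --verbose=4` so you can flag ad-hoc signed or unsigned bundles before opening a download; the sample outputs and the function names `classify_signature` and `check_app` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ad-hoc signed or unsigned app bundles on macOS.

# Constructed sample of `codesign -dv --verbose=4` output for an ad-hoc signed app.
SAMPLE_ADHOC='Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+3 location=embedded
Signature=adhoc
TeamIdentifier=not set'

# Constructed sample for an app signed with an Apple-issued Developer ID.
SAMPLE_DEVID='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# Read codesign output on stdin and print one verdict.
classify_signature() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'not signed at all'; then
        echo unsigned
    elif printf '%s\n' "$out" | grep -q '^Signature=adhoc'; then
        echo adhoc          # no Apple-issued certificate behind the signature
    elif printf '%s\n' "$out" | grep -q '^Authority=Developer ID Application:'; then
        echo developer-id
    else
        echo other
    fi
}

# Run codesign on a bundle; return 0 only for a Developer ID signature.
check_app() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found (macOS only)" >&2; return 2; }
    # codesign prints its details on stderr, so merge it into the pipe.
    verdict=$(codesign -dv --verbose=4 "$1" 2>&1 | classify_signature)
    echo "$1: $verdict"
    [ "$verdict" = developer-id ]
}

# Usage: sh check_sig.sh /path/to/Downloaded.app
if [ $# -gt 0 ]; then check_app "$1"; fi
```

A `developer-id` verdict only means the signature chains to an Apple-issued certificate; it does not by itself show the app is benign.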
How to check your Mac for malware
If you want to do a checkup on your Mac to make sure there’s no malware or adware, Malwarebytes offers a free app (for individuals) to find and remove it.