New Atomic Stealer malware variant is harder to detect on macOS

Atomic Stealer infects macOS using illegal software

Atomic Stealer malware still relies on that users install fake software using a payload hidden in a .dmg file, but it is becoming increasingly difficult to detect.

Atomic Stealer hides in illegal software downloads, infiltrates macOS through user error, and remains hidden through scripts while stealing sensitive data. This is a relatively new malware, discovered in 2023, but is now becoming increasingly difficult to detect.

According to Bitdefender, the new variant of Atomic Stealer is detected during regular scans to detect malware in the wild. This version does not appear to be widely used as it is in surprisingly small files of around 1.3MB.

The new option uses Python and Apple Script to perform actions to collect user data while remaining hidden. It is installed when a user downloads illegal software and installs it without bypassing the built-in digital signature verification.

The Apple Script feature is similar to a previously described malware called RustDoor. Both versions of Apple Script are focused on collecting sensitive files.

Atomic Stealer targets files associated with installed crypto wallet extensions and applications, browser data, system information and passwords. The first prompt the malware presents to the user is a fake dialog box asking for the macOS system password.

How to avoid Atomic Stealer

New variant of Atomic Stealer still installs on macOS in the same way as the previous ones. Either the user is intentionally looking for free versions of paid apps, or was accidentally redirected to a fake app website — The result is the same.

The user downloads an illegal application, attempts to install it, receives instructions on how to bypass macOS Gatekeeper and signature verification, and then installs it. It's easy to fix — Install apps only from the App Store or from trusted sources, and don't listen to app installers that ask you to bypass security.

Leave a Reply

Your email address will not be published. Required fields are marked *