Atomic Stealer web panel, via @phd_phuc on Twitter

New MacOS Malware Targeting Crypto Extensions and Apps

By RJ Jenson | AnarchoCrypto | 5 May 2023


Atomic MacOS Stealer, also called AMOS, is a new infostealer malware that has been making the rounds on the Telegram social network lately. It is an actively developed project, with the most recent update published on April 15th, 2023, and at the time of writing only half of the available antivirus engines can detect it. It targets saved password information and specifically goes after cryptocurrency apps, both desktop and browser extensions.

The malware is sold as a subscription via Telegram at $1,000 per month. Subscribers gain access to the web panel, a MetaMask bruteforce, the .dmg file (which individual users are responsible for distributing), and access to stolen information which is sent out via Telegram.

When the file is first accessed, it opens a fake prompt to collect the victim’s Keychain master password. From there, the Atomic Stealer can gain access to saved autofills, usernames and passwords, and credit cards. It also specifically targets cryptocurrency apps, namely Atomic Wallet (no relation), Binance, Electrum and Exodus as well as 50 browser extensions. The data is packed into a .zip file and sent back to the main server, then handed out to AMOS subscribers. If you were foolish enough to keep your private keys stored on your computer, you can kiss all your money goodbye.
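The collection pattern described above (one process reading several wallet apps' data, then packing it into a .zip) can be hunted for in endpoint file-event telemetry. The sketch below is an added example, not part of the original article: the event tuple format, the sample events, and the wallet directory paths (assumed macOS defaults for the four desktop wallets named above) are assumptions.

```python
from collections import defaultdict

# Wallet -> (data directory relative to the user's home, processes expected to
# read it). Paths are assumed macOS defaults; confirm them on your own hosts.
WALLET_DIRS = {
    "Atomic Wallet": ("Library/Application Support/atomic", {"Atomic Wallet"}),
    "Binance": ("Library/Application Support/Binance", {"Binance"}),
    "Electrum": (".electrum", {"Electrum"}),
    "Exodus": ("Library/Application Support/Exodus", {"Exodus"}),
}

def wallet_for(path, home):
    """Return (wallet, allowed_processes) if path is inside a wallet data dir."""
    for name, (rel, owners) in WALLET_DIRS.items():
        root = f"{home}/{rel}"
        if path == root or path.startswith(root + "/"):
            return name, owners
    return None

def find_suspects(events, home):
    """events: iterable of (pid, process_name, op, path), in time order."""
    touched = defaultdict(set)  # pid -> wallets read by a process that is not the owner
    archive, names = {}, {}     # pid -> first .zip created after such a read; pid -> name
    for pid, proc, op, path in events:
        names[pid] = proc
        hit = wallet_for(path, home)
        if op == "open" and hit and proc not in hit[1]:
            touched[pid].add(hit[0])
        elif op == "create" and path.lower().endswith(".zip") and pid in touched:
            archive.setdefault(pid, path)
    return [{"pid": pid, "process": names[pid], "wallets": sorted(w),
             "archive": archive.get(pid),
             # several wallets or a staged archive is the pattern in the article
             "severity": "high" if pid in archive or len(w) > 1 else "medium"}
            for pid, w in sorted(touched.items())]

# Constructed sample telemetry (not taken from a real incident).
HOME = "/Users/alice"
SAMPLE_EVENTS = [
    (411, "Exodus", "open", f"{HOME}/Library/Application Support/Exodus/file1"),
    (902, "Setup", "open", f"{HOME}/Library/Application Support/Exodus/file1"),
    (902, "Setup", "open", f"{HOME}/.electrum/wallets/file2"),
    (902, "Setup", "create", "/private/tmp/out.zip"),
    (950, "mdworker", "open", f"{HOME}/Library/Application Support/Binance/file3"),
]

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_EVENTS, HOME):
        print(finding)
```

A single-wallet "medium" hit, like the Spotlight indexer in the sample, is expected noise; allowlist indexing and backup tools before alerting on it.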

OWN YOUR SECURITY!

We all got into cryptocurrency so we could own our money without depending on the banking system. The trade-off is that we don’t have safeties like deposit insurance or the ability to freeze a compromised account. If someone is able to get your info, like with the Atomic Stealer, you have no recourse. Your coins are your problem, so take your security into your own hands and protect your money.

  1. Keep your seed phrases OFFLINE. Write them on a physical piece of paper and keep them in a safe place. Even better, generate them offline so there’s no record of them on your device.
  2. Use a SECURE password manager, and likewise, keep your master password OFFLINE. Change it frequently.
  3. Be careful about what you download. Even the best antivirus agents can’t catch everything.
