Cybersecurity researchers have discovered an updated version of the macOS information stealer Atomic Stealer, now equipped with payload encryption to evade detection. The malware, initially available for $1,000/month, is now being rented out for $3,000/month, with a Christmas promotion offering it at a discounted price of $2,000. It is being distributed through malvertising and compromised sites, with a recent shift to Google search ads that impersonate Slack to deploy the malware. Mac users are advised to download software from trusted sources to avoid falling victim to malicious ads and decoy sites.
Cybercriminals are targeting Mac users with a new proxy trojan malware, disguised as popular copyrighted macOS software available on warez sites. The malware infects computers and turns them into traffic-forwarding terminals for illegal activities. Kaspersky discovered the campaign, which offers trojanized versions of image editing, video compression, data recovery, and network scanning tools. The trojan is distributed as PKG files, which can execute scripts during installation, granting dangerous permissions. The trojan disguises itself as a legitimate system process and connects to a command and control server to receive instructions. The same infrastructure also hosts proxy trojan payloads for Android and Windows, suggesting a wide-ranging attack.
A recent report from Setapp, an app subscription service, reveals that 42% of Mac users are utilizing AI-based apps on a daily basis, with 63% believing that AI apps are more beneficial than those without AI. The survey also found that 44% of Mac app developers have already implemented AI or machine learning models in their apps, while an additional 28% are working on doing so. The report highlights the interest in AI apps among Mac users, showcasing popular AI apps such as Google's AI Bard and Bing, which integrate AI technology from OpenAI.
Mac users are being targeted by a new malvertising campaign that spreads the Atomic macOS Stealer (AMOS) malware through malicious ads on Google searches. AMOS is capable of targeting both Windows and Mac systems, and once a system is infected, it can steal sensitive information such as iCloud Keychain passwords, credit card details, files, and crypto wallets. To protect against this threat, users are advised to avoid downloading software from untrusted sources, be cautious of apps asking to bypass macOS Gatekeeper protections, and check the creation date of websites before downloading apps outside of the Mac App Store. Users can also use malware scanning tools like Malwarebytes, CleanMyMac X, Norton, or McAfee to check for and remove any malware or adware on their Macs.