The latest instance of the Atomic macOS Stealer was spotted by researchers at Malwarebytes in what is considered a “malvertising campaign.” Malwarebytes notes that the majority of these recent malicious campaigns have targeted Windows, but the new Atomic Stealer stands out as being able to target both Windows and Mac.

As a quick refresher, once a Mac is infected with AMOS, it can steal iCloud Keychain passwords, credit card information, files, crypto wallets, and more (read more details in our previous coverage).

Here’s how the new malvertising campaign works to compromise Macs:

- Malicious ads for Google searches target Mac users.
- Phishing sites trick victims into downloading what they believe is the app they want.
- The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple.
- The payload is a new version of the recent Atomic Stealer for OSX (macOS).

To get around Google’s ad quality checks, Malwarebytes believes threat actors are using compromised ad accounts to buy the ads that lead to phishing sites.

For a detailed look at the mechanics of this malvertising campaign, check out the full post from Malwarebytes.

How to protect against Atomic macOS Stealer

The good news is this specific attack is very preventable…

- Don’t download software from untrusted or unknown sources.
- Be wary if an app asks you to bypass macOS GateKeeper protections.
- If you do want to download an app outside Apple’s Mac App Store, check when the website was created.

If you want to do a checkup on your Mac to make sure there’s no malware or adware, Malwarebytes offers a free app (for individuals) to find and remove it. More options include CleanMyMac X, Norton, and McAfee.

In the example above from Malwarebytes, the ad itself impersonates the financial charting platform TradingView. However, if you take a closer look at the address the ad points to, you’ll notice that there are special font characters that make it appear like the company’s actual website to the untrained eye.

Clicking on this ad takes potential victims to a phishing site with download buttons for Windows, Mac and Linux. While the Windows and Linux buttons download the NetSupport RAT, the Mac one downloads the Atomic Stealer malware.

Instead of needing to be copied into the Apps folder on your Mac, the downloaded app impersonating TradingView comes with special instructions on how to open it in order to bypass Apple’s GateKeeper security software. GateKeeper is designed to enforce code signing so that only apps signed with an Apple developer signature can be installed on macOS. Since this installation file containing the Atomic Stealer malware isn’t signed correctly, it’s actually bundled in an ad-hoc signed app so its permissions can’t be revoked.

Once launched, it will keep prompting victims for their user password in a never-ending loop until they finally give in. With your Mac’s user password in hand, the hackers behind this campaign can steal all sorts of personal and financial data from your computer. Once this is done, the malware sends this stolen data back to a command and control (C&C) server controlled by the hackers behind this campaign. This data can then be used to commit fraud or even identity theft.

Although your Mac comes with Apple’s own malware scanner in the form of xProtect, you still need to be careful online. For instance, you should only download new programs or apps from established companies - or to really be on the safe side, only from the Mac App Store.