Atomic Stealer infects macOS via illegitimate software



The Atomic Stealer malware still relies on users installing fake software with a payload hidden in the .dmg file, but it is evolving to become harder to detect.

Atomic Stealer hides in illegitimate software downloads, gets into macOS through user error, and stays hidden using scripts while it steals sensitive data. It is relatively new malware, identified in 2023, and it is now evolving to be harder to detect.

Atomic Stealer targets files associated with installed crypto-wallet extensions and applications, browser data, system info, and passwords. The first prompt the malware presents to the user is a fake dialog box asking for the macOS system password.

The infection depends on the user's own actions: the user downloads the illegitimate application, attempts to install it, is presented with instructions on bypassing macOS Gatekeeper and signature checks, and then completes the installation. The fix is simple: only install apps from the App Store or trusted sources, and don’t follow an app installer that asks you to bypass protections.
