Hackers are targeting Apple macOS users with a range of different infostealers in an attempt to obtain sensitive data and possibly money, experts warn.
A new report of cybersecurity researchers at Jamf Threat Labs found that hackers used multiple different approaches to drop the malware.
In one campaign, they created a fake download website and fake ads for a browser called Arc and pushed them through search engines.
Aimed at macOS crypto fans
“Interestingly, the malicious website cannot be accessed directly because it returns an error message,” security researchers said. “It can only be accessed via a generated sponsored link, presumably to evade detection.”
Those who land on the site and download the program will get Atomic Stealer, a well-known infostealer initially aimed at obtaining cryptocurrency wallet-related information. Since its inception, Atomic Stealer, also known as AMOS, has grown to target various operating systems and collect more information, including saved passwords and sensitive files.
In September 2023, security researchers at Malwarebytes reported on hackers duping people with promises of software cracks, loaders, and key generators to get them to download AMOS.
In a separate campaign, hackers have offered fake free group meeting software that actually downloads another infostealer based on Realst. In this campaign, victims are approached to participate in a podcast or a job interview and are invited to download the videoconferencing tool.
“These attacks often target people in the crypto industry, as such efforts can lead to large payouts for attackers,” the researchers said. “Those in the sector should be very aware that it is often easy to find public information that they are asset holders or can easily be linked to a company that places them in this sector.”