Hackers are targeting Apple macOS users with a range of different infostealers in an attempt to grab sensitive data and, possibly, money, experts have warned.
A new report from cybersecurity researchers at Jamf Threat Labs found hackers were using several different approaches to try to drop the malware.
In one campaign, they created a fake download website and fake ads for a browser called Arc and pushed them through search engines.
Targeting macOS crypto fans
“Interestingly, the malicious website cannot be accessed directly, as it returns an error,” security researchers said. “It can only be accessed through a generated sponsored link, presumably to evade detection.”
Those who end up on the site and download the program will get Atomic Stealer, a known infostealer that was initially focused on grabbing cryptocurrency wallet-related information. Since its inception, Atomic Stealer, also known as AMOS, has grown to target different operating systems and to grab more information, including stored passwords and sensitive files.
In September 2023, security researchers from Malwarebytes reported on hackers tricking people with promises of software cracks, loaders, and key generators to get them to download AMOS.
A separate campaign has seen hackers offering fake, free group meeting software which, in reality, downloads a different infostealer based on Realst. In this campaign, the victims are approached to participate either in a podcast or in a job interview, and are invited to download the video conferencing tool.
“These attacks are often focused on those in the crypto industry as such efforts can lead to large payouts for attackers,” the researchers said. “Those in the industry should be hyper-aware that it’s often easy to find public information that they are asset holders or can easily be tied to a company that puts them in this industry.”