Threat actors have introduced a new information stealer targeting Apple macOS operating systems, known as Atomic macOS Stealer (AMOS), sold on Telegram for $1,000 monthly. This malware joins the notorious ranks of similar malware, such as MacStealer.
According to a detailed report by Cyble researchers, the Atomic macOS Stealer can steal a wide range of information from the victim’s computer. That includes Keychain passwords, comprehensive system data, crypto wallet data, files from the desktop and documents folder, and even the macOS password itself.
The Atomic macOS Stealer stands out because it can extract valuable data from web browsers and cryptocurrency wallets, including Atomic, Binance, Coinomi, Electrum, and Exodus. Moreover, when threat actors purchase the stealer from its developers, they receive a ready-to-use web panel for managing their victims.
This insidious malware is delivered as an unsigned disk image file (Setup.dmg) that, when executed, prompts the victim to enter their system password on a fake prompt. By doing so, the malware escalates its privileges and initiates its malicious activities, a technique also employed by MacStealer.
The specific method to deliver the Atomic macOS Stealer is not immediately apparent. However, victims are likely deceived into downloading and executing the malware, believing it to be legitimate software.
The Atomic stealer artifact, submitted to VirusTotal on April 24, 2023, bears the name “Notion-7.0.6.dmg.” That indicates it may be masquerading as the well-known note-taking application. The MalwareHunterTeam has also discovered other samples distributed as “Photoshop CC 2023.dmg” and “Tor Browser.dmg.”
Cyble researchers have noted that malware like the Atomic macOS Stealer could be installed by exploiting system vulnerabilities or hosting malicious software on phishing websites.
Once installed, the Atomic macOS Stealer gathers system metadata, files, iCloud Keychain, and information stored in web browsers (such as passwords, autofill data, cookies, and credit card information) and crypto wallet extensions.
This collected data is compressed into a ZIP archive and sent to a remote server. Finally, the compiled information’s ZIP file is transmitted to pre-configured Telegram channels.
The emergence of the Atomic macOS Stealer serves as a stark reminder that macOS is increasingly becoming an attractive target for cybercriminals, not just nation-state hacking groups.
Consequently, users must take necessary precautions. That includes downloading and installing software only from trusted sources, enabling two-factor authentication, and reviewing app permissions. It is also worth avoiding suspicious links received through emails or SMS messages.
By following these guidelines and remaining vigilant, users can better protect themselves from the growing threat of advanced malware like the Atomic macOS Stealer.
The post Introducing Atomic macOS Stealer – The Newest Threat to Crypto Wallet Owners appeared first on CryptoMode.
Thailand’s Securities and Exchange Commission (SEC) is actively preparing a formal regulatory framework to support…
London, UK, 22nd January 2026, ZEX PR WIRE, In the rapidly evolving landscape of urban transportation, Sky…
In 2025, Sharjah Airport achieved the following milestones: • Expanded its route network to strengthen…
Medifakt introduces a next-generation digital health platform that combines blockchain security, AI-driven insights, and IoT…
Hong Kong, 22nd January 2026, ZEX PR WIRE, We're thrilled to welcome SlowMist as a Primary Exhibition…
Hong Kong, 22nd January 2026, ZEX PR WIRE, 麦通MSX已确认加入2026香港Web3嘉年华,将作为白金赞助商为大会提供支持。 MSX 是一个去中心化 RWA 交易平台,致力于为全球用户提供代币化美股等链上资产的现货与衍生品交易服务,目前也已上线包括苹果、特斯拉、英伟达等在内的超 200 种美股代币。 香港Web3嘉年华是由万向区块链实验室与HashKey Group联合推出的Web3活动品牌,由W3ME承办,自2023年起于每年4月在香港会议展览中心举办,聚焦行业热点话题与政策趋势,是亚洲规模最大、最受关注的Web3行业盛会之一。…