Sneaky Mac Malware Atomic Stealer Gets a Stealth Upgrade: Pay More, Steal More!

Beware Mac users! The sneaky Atomic info stealer just got sneakier with encryption for its holiday heist. Now fetching $3,000 a month, it’s pilfering passwords and posing as Slack in a malvertising masquerade. Always download from legit sources, or your data could be the next gift unwrapped.

Hot Take:

Well, isn’t this a holiday heart-warmer? Just when you thought your Mac was the Fort Knox of computers, along comes the Grinchy Atomic Stealer, now with shiny new encryption baubles to bypass those pesky detection rules. And at $3,000 a month, it’s the gift that keeps on taking! Remember kids, just because Santa’s gone digital doesn’t mean you should trust every software update under the tree.

Key Points:

  • The Atomic Stealer malware has been updated with payload encryption to sneak past detection.
  • Originally a bargain at $1,000 a month, it’s now tripled its asking price to $3,000, with a “holiday discount” to $2,000.
  • It targets macOS users, stealing passwords, cookies, files, and even crypto wallets.
  • Malvertising and compromised sites are the malware’s sleigh, delivering it disguised as legit software updates.
  • The malware uses fake Google search ads and a rogue Slack disk image to phish for system passwords.

Need to know more?

Deck the Halls with Boughs of Malware

Just like your family updating their Christmas lights, the folks behind Atomic Stealer gave their malware a little makeover in December 2023. But instead of twinkling LEDs, they opted for payload encryption, making it stealthier than Santa on Christmas Eve. The goal? To slide down the cybersecurity chimney undetected and pilfer all the digital cookies.

The Price of Naughty

The original Atomic Stealer must have been on a Black Friday sale, because its initial $1,000 tag is looking like chump change compared to the $3,000 ransom—er, rental—it's demanding now. But wait, there's a Christmas miracle! A festive price slash to $2,000 means that even mid-tier bad actors can stuff your digital stocking with coal. Ho-Ho-Horrible!

He Sees You When You're Surfing

The malware's M.O. isn't exactly new: it's been slithering into Macs through malvertising and compromised sites. The twist? It's now wearing a convincing Slack costume and whispering sweet nothings like "Pssst, want a free update?" But the update is free in the same way that taking candy from a stranger is "free."

'Tis the Season to Be Phishy

The updated Atomic Stealer is getting into the holiday spirit with a bit of role-play, dressing up as Google search ads and pretending to be Slack. Click, and you're greeted with a festive DMG file, asking for your system password as if it's asking for milk and cookies. Spoiler alert: giving your password to this Santa will land you on the naughty list.

Jingle Bells, Data Smells

But wait, there's myrrh! Atomic Stealer isn't just a one-trick pony; it's also sporting some fancy obfuscation to keep its command-and-control server hidden, like a digital Elf on the Shelf. And once it's got your data, it's off to the North Pole—or a dark web auction house—faster than you can say "identity theft."

So, in the spirit of giving, here's a tip from Malwarebytes' Jérôme Segura: stick to downloading software from places that don't look like they're selling knock-off reindeer games. Because in the world of cybersecurity, not every jolly man with a beard is here to give you presents—some are here to take everything. And they won't even leave a lump of coal.
