Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Atomic macOS Malware. Show all posts
Malware attacks
Atomic macOS Malware Crypto Theft Cyber Attacks Info Stealer Info Stealing Malware leaked sensitive data Mac OS Malware attacks

Infinity Stealer Targets macOS Using ClickFix Trick and Python-Based Malware

 

A newly identified information-stealing malware, dubbed Infinity Stealer, is targeting macOS users through a sophisticated attack chain that blends social engineering with advanced evasion techniques. Security researchers at Malwarebytes report that this is the first known campaign combining the ClickFix technique with a Python-based payload compiled using the Nuitka compiler. The attack begins with a deceptive prompt designed to resemble a legitimate human verification step from Cloudflare. Victims are presented with a fake CAPTCHA and instructed to paste a command into the macOS Terminal to complete the verification. This method, known as ClickFix, tricks users into bypassing built-in operating system protections by executing malicious commands themselves. 

Once the command is executed, it decodes a hidden script that downloads and launches the next stage of the malware. The payload is compiled into a native macOS binary using Nuitka, which converts Python code into C-based executables. This approach makes the malware significantly harder to detect and analyze compared to traditional Python-based threats that rely on bytecode packaging tools. The infection chain unfolds in multiple stages. After the initial script runs, it installs a loader that extracts the final malware payload. Before initiating its malicious activities, the malware performs checks to determine whether it is running in a virtual or sandboxed environment, helping it evade detection by security tools.  

Once active, Infinity Stealer begins harvesting sensitive information from the infected system. This includes login credentials stored in Chromium-based browsers and Firefox, entries from the macOS Keychain, cryptocurrency wallet data, and plaintext secrets found in developer files such as .env configurations. It can also capture screenshots, adding another layer of data collection. The stolen information is then transmitted to attacker-controlled servers via HTTP requests. 

Additionally, notifications are sent through Telegram to alert threat actors when data exfiltration is complete, enabling real-time monitoring of compromised systems. Researchers warn that this campaign highlights the growing sophistication of threats targeting macOS, a platform often perceived as more secure. The use of social engineering combined with advanced compilation techniques demonstrates how attackers are evolving their methods to bypass traditional defenses. Users are strongly advised to avoid executing unknown commands in Terminal, especially those obtained from untrusted sources, as such actions can directly compromise system security.
Read more »
malware
Atomic macOS Malware BleepingComputer Credit Card Stealer Crytocurrency Google Chrome macOS malware

Atomic macOS Malware: New Malware Steals Credit Card Credentials in Chrome


A brand-new malware has apparently been targeting macOS. The malware, according to BleepingComputer, is named “Atomic” and was being sold to cybercriminals in darknet markets for $1,000 a month. 

A victim management UI that is simple to use and gives malicious actors access to very sensitive information, such as keychain passwords, cookies, files from local computers, and other information that may put victims in serious trouble, is provided by this ill-intentioned subscription.

What is Atomic Capable of? 

While Atomic is an information-stealing malware, it can drastically make its quarries much poorer. When cybercriminals buy Atomic, they receive a DMG file with a 64-bit Go-based malware program that can steal credit card information from browsers. This covers Yandex, Opera, Vivaldi, Microsoft Edge, Mozilla Firefox, and Google Chrome. 

After gaining access to a victim's Mac, Atomic may show a bogus password window asking users to enter their system passwords. As a result, attackers can access the target's macOS computer and cause havoc. 

Moreover, due to the activities of Atomic, cryptocurrency holders are particularly vulnerable. More than 50 well-known cryptocurrency extensions, including Metamask and Coinbase, are intended targets of this macOS malware. 

Atomic, unfortunately, has a tendency to go unnoticed. Only one malicious software detection was made by 59 anti-virus scanners. 

How can you Protect Yourself from Atomic macOS Malware? 

Thankfully, Atomic will not be hiding in any official macOS services. Atomic is disseminated by phishing emails, laced torrents, and social media posts by nefarious buyers. Some even use the influence of black SEO to lure Google users into downloading malicious software that poses as legitimate software. 

In case you are a crypto holder, it is best advised to use a well-known crypto hardware wallet in order to protect yourself from digital-asset thieves. Moreover, it has also been advised to not use software wallets, since that way valuable virtual currencies are majorly exposed. 

It has also been recommended to online users to remove their credit card information from Google Chrome by navigating to Settings > Autofill > Payment Methods. Tap on the three-dotted icons next to your credit cards and click on "Turn off virtual card." Go to pay.google.com, select Payment Methods, and then click "Remove" next to your credit cards to take things a step further.  

Read more »
Subscribe to: Posts (Atom)