Mar 30, 2024 | Newsroom | Malware / Cryptocurrency
Malicious ads and bogus websites are being used to deliver two different stealer malware families to Apple macOS users, including Atomic Stealer.
A recent report by Jamf Threat Labs highlighted ongoing infostealer attacks on macOS users, utilizing various methods to infiltrate Macs with the aim of stealing sensitive data.
One such attack involves fake ads and websites that redirect users looking for Arc Browser to a site called “airci[.]net,” which then delivers the malware to unsuspecting victims.
Security researchers Jaron Bradley, Ferdous Saljooki, and Maggie Zirnhelt noted that the malicious website is only accessible through generated sponsored links to evade detection.
The malware, delivered through a downloaded disk image file named “ArcSetup.dmg,” displays a fake password prompt asking users to enter their system password, and the captured credential enables the theft of information.
Jamf also identified a fake website named meethub[.]gg that pretends to offer group meeting scheduling software but installs another stealer malware capable of harvesting various data from users’ devices.
Similar to Atomic Stealer, this malware prompts users for their macOS login password to carry out its malicious activities.
These attacks often target individuals in the cryptocurrency industry, with attackers using various social engineering tactics to trick victims into downloading malicious apps.
The cybersecurity division of MacPaw, Moonlock Lab, warned of malicious DMG files being used by threat actors to deploy stealer malware and extract credentials and data from applications.
macOS environments are increasingly at risk from stealer attacks, with some strains employing sophisticated anti-virtualization techniques to avoid detection.
Recent malvertising campaigns have been observed pushing loaders such as FakeBat and Rhadamanthys through decoy sites for popular software, posing a significant threat to cybersecurity.