Threat actors targeting macOS users with info-stealing malware


Security researchers are warning of an increase in info-stealing attacks targeting Apple macOS users, focused on harvesting credentials and data from crypto wallets.

One of the notable incidents tracked by Jamf Threat Labs involves a stealthy attack vector known as Atomic Stealer. This malware, distributed through sponsored ads, lures unsuspecting users by posing as a legitimate web browser download. However, instead of delivering the promised software, victims download a malicious disk image file containing Atomic Stealer.

This malware employs multiple deceiving tactics, including fake password prompts, to trick users into handing over sensitive information. Notably, the malicious website hosting Atomic Stealer can only be accessed through a sponsored link, a mechanism likely aimed at evading detection.

Another info-stealing campaign observed by Jamf Threat Labs involves a fraudulent website named Meethub.gg. Masquerading as a provider of free group meeting scheduling software, Meethub.gg is actually a front for distributing yet another strain of info-stealer malware. This malware, believed to be related to the Rust-based Realst stealer family, targets macOS users by harvesting keychain data, browser credentials, and cryptocurrency wallet information.

The modus operandi involves luring victims under false pretenses, such as job opportunities or podcast interviews, and coercing them into downloading the malicious app from Meethub.gg.

“Social engineering for the sake of crypto gain is being done by both APT groups and cybercriminals. Building rapport before infiltrating is happening more frequently on the macOS platform. Users need to remain vigilant and on alert for these types of attacks,” the researchers noted.

