A new variant of macOS malware has been discovered, with attackers using Google search as a vector to deliver the malicious payload. The malware, called Atomic macOS Stealer (AMOS), first emerged in April and was being sold on Telegram for $1,000 per month. AMOS is designed to collect sensitive data such as passwords, cryptocurrency, and files from infected systems.

Researchers at Malwarebytes have found that AMOS is being delivered to unsuspecting users through a Google ad scheme. The ads appear legitimate and are paid for, but they disguise themselves as the websites or software that users are searching for. This attack takes advantage of users’ trust in Google’s search results, as the ads appear at the top of the page and are labeled with Google’s ad stamp of approval. This leads users to click through without carefully inspecting the URLs or domain owners.

Once the user clicks on the ad, they are directed to a seemingly normal page that closely resembles the expected website. The attackers create a near-perfect clone, tricking users into downloading the software. AMOS is only ad-hoc signed, so Gatekeeper would normally refuse to launch it; the download page therefore instructs users to right-click the app in the mounted .dmg file and choose Open, which is the manual override that lets it run anyway.

After opening the file, a fake prompt for the system password repeatedly appears until the user enters their password. At this point, AMOS starts harvesting data from the user’s Keychain, file system, and crypto wallets, sending it to the malware operator.

To protect yourself from AMOS and similar attacks, it’s important to exercise caution when downloading software from the internet. Pay attention to the URL and be wary of suspicious domain names. The Mac App Store is generally a safer option for Mac users. When interacting with Google search results, carefully check the URL you’re directed to and inspect the software installer itself. Be cautious of any software that asks to bypass Gatekeeper and demands to be opened from the installer image. Additionally, be cautious of any unexpected requests for your system password, especially after installing new software. Examine the dialog for any design irregularities or typos.
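Since the report says AMOS depends on an ad-hoc signature plus a manual Gatekeeper override, one concrete way to "inspect the installer itself" is to look at the bundle's code signature before opening it. The script below is an added example and is not part of the Malwarebytes report or the AMOS analysis; the category names, verdict strings, file paths and sample `codesign` outputs are constructed for illustration, and the live check only runs on a Mac where `codesign` is available.

```shell
#!/bin/sh
# Added example (not from the Malwarebytes report): classify the signing state
# of a downloaded .app from the output of `codesign -dv --verbose=4`.
# The category and verdict names are this script's own, not Apple terminology.

# Read codesign output on stdin and print one of:
#   unsigned | adhoc | developer-id | app-store | other
classify_codesign_output() {
  out=$(cat)
  case "$out" in
    *"not signed at all"*) echo unsigned; return 0 ;;
  esac
  # Ad-hoc signatures carry no certificate chain; codesign reports them as
  # "Signature=adhoc" and marks the CodeDirectory flags with "(adhoc)".
  if printf '%s\n' "$out" | grep -Eq '^Signature=adhoc$|^CodeDirectory .*\(adhoc\)'; then
    echo adhoc; return 0
  fi
  if printf '%s\n' "$out" | grep -q '^Authority=Developer ID Application:'; then
    echo developer-id; return 0
  fi
  if printf '%s\n' "$out" | grep -q '^Authority=Apple Mac OS Application Signing'; then
    echo app-store; return 0
  fi
  echo other
}

# Map a category to a verdict for the "should I right-click > Open this?" decision.
verdict_for() {
  case "$1" in
    unsigned|adhoc) echo "REJECT: no developer identity; Gatekeeper is right to block it" ;;
    developer-id|app-store) echo "PROCEED: identified developer; still run spctl --assess" ;;
    *) echo "INSPECT: unusual signature; review Authority lines manually" ;;
  esac
}

# Run codesign against a real bundle (macOS only). codesign writes to stderr.
check_app() {
  app="$1"
  if ! command -v codesign >/dev/null 2>&1; then
    echo "codesign not available on this host" >&2; return 2
  fi
  category=$(codesign -dv --verbose=4 "$app" 2>&1 | classify_codesign_output)
  echo "$app: $category -> $(verdict_for "$category")"
}

# Constructed sample outputs (abridged; hypothetical paths, identifiers and team ID).
ADHOC_SAMPLE='Executable=/Volumes/Installer/Example.app/Contents/MacOS/Example
Identifier=com.example.installer
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set'

DEVID_SAMPLE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=5678 flags=0x10000(runtime) hashes=170+7 location=embedded
Signature size=8980
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

UNSIGNED_SAMPLE='/Volumes/Installer/Example.app: code object is not signed at all'

if [ "${1:-}" = "--demo" ]; then
  # Walk the constructed samples so the logic can be exercised off a Mac.
  for s in "$ADHOC_SAMPLE" "$DEVID_SAMPLE" "$UNSIGNED_SAMPLE"; do
    c=$(printf '%s\n' "$s" | classify_codesign_output)
    echo "$c -> $(verdict_for "$c")"
  done
elif [ -n "${1:-}" ]; then
  check_app "$1"
fi
```

Run it as `sh check_sig.sh --demo` to see the three constructed cases, or `sh check_sig.sh /Volumes/Installer/Example.app` on a Mac to classify a real bundle. A Developer ID result only means the author is identifiable; `spctl --assess --type execute -vv Example.app` is still the authoritative Gatekeeper and notarization verdict, and an installer that asks you to override that verdict is the warning sign the report describes.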

It’s crucial to stay vigilant and follow these security practices to avoid falling victim to malicious ads and malware like AMOS.

Definitions:

– macOS malware: Malicious software specifically targeting Apple’s operating system, macOS.

– Vector of attack: The method or path through which an attack is carried out.

– Payload: The malicious component of malware that performs harmful actions.

– Pop-ups: Small windows or dialog boxes that appear on a computer screen, usually containing advertisements or alerts.

– Siphons off: Stealthily collects or extracts.

– Ad-hoc signed app: An application signed without an Apple-issued developer certificate and therefore not notarized, so it carries no verifiable developer identity and does not pass Gatekeeper's normal checks.

– Gatekeeper: A security feature in macOS that ensures only trusted software is installed on a user’s system.

– Keychain: A password management system in macOS that securely stores passwords and other sensitive data.

Sources:

– Malwarebytes: Researchers discover a macOS malware variant being delivered through Google search ads