A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system's Gatekeeper, Malwarebytes researchers have discovered.

The malware, which was first advertised in April 2023, is an infostealer that can grab passwords from browsers, Apple's keychain, files, crypto wallets, and more.

"Criminals who buy the toolkit have been distributing it mostly via cracked software downloads but are also impersonating legitimate websites and using ads on search engines such as Google to lure victims in," says Malwarebytes researcher Jérôme Segura.

In the latest delivery campaign spotted by the researcher, the malware poses as TradingView, a popular platform and app for tracking financial markets. Potential victims are redirected by a malicious ad to a phishing site mimicking that legitimate platform's page.

The page has three download buttons: the Windows and Linux ones trigger the download of a RAT from Discord, and the macOS one downloads the Atomic Stealer from a third-party site.

The downloaded macOS stealer instructs users on how to open the file.

The downloaded file (TradingView.dmg) comes with instructions on how to open it. The victims aren't aware of this, but the opening process aims to bypass Gatekeeper, macOS' security feature that enforces code signing and verifies downloaded applications.

"Unlike regular apps, it does not need to be copied into the Mac's Apps folder but is simply mounted and executed," Segura noted. "The malware is bundled in an ad-hoc signed app meaning it's not an Apple certificate, so it cannot be revoked. Once executed, it will keep prompting for the user password in a never ending loop until victims finally relent and type it in."

Finally, the attacker starts exfiltrating data: passwords from browsers or keychain, autofills, user information, crypto wallets, files, and cookies.
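The ad-hoc signature Segura describes is visible in the output of Apple's `codesign -dv --verbose=4`. The triage helper below, an added example that is not part of the article or of Malwarebytes' research, parses that output and flags the signs a responder would look for (an `adhoc` signature, no Team ID, no Developer ID certificate in the chain); the two sample outputs and the bundle paths in them are constructed, not captured from the real sample.

```python
# Constructed sample of `codesign -dv --verbose=4` output for an ad-hoc signed
# app, the signature type the article describes. Paths and sizes are made up.
ADHOC_SAMPLE = """\
Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=Example
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
Info.plist entries=20
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=5
"""

# Constructed sample for a Developer ID signed app, for contrast.
DEVID_SAMPLE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=5678 flags=0x10000(runtime) hashes=170+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
Runtime Version=13.0.0
"""

def parse_codesign(text):
    """Parse codesign's key=value lines; the repeated Authority key becomes a list."""
    fields = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Authority":
            fields.setdefault(key, []).append(value)
        else:
            fields[key] = value
    return fields

def assess_signature(text):
    """Return (verdict, reasons). Ad-hoc signing means no Apple-issued certificate,
    so there is nothing for Apple to revoke; Gatekeeper would normally block it."""
    f = parse_codesign(text)
    reasons = []
    if f.get("Signature") == "adhoc" or "adhoc" in f.get("CodeDirectory", ""):
        reasons.append("ad-hoc signature: no Apple-issued certificate, cannot be revoked")
    if f.get("TeamIdentifier", "not set") == "not set":
        reasons.append("no Team ID: not tied to a registered developer account")
    if not any(a.startswith("Developer ID Application") for a in f.get("Authority", [])):
        reasons.append("no Developer ID Application certificate in the chain")
    return ("suspicious" if reasons else "developer-id-signed"), reasons
```

Notarization status is not part of this output; check it separately with `spctl --assess` before trusting a Developer ID signed bundle.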