Malicious actors are targeting Apple macOS users through deceptive ads and websites, distributing two types of stealer malware: Atomic Stealer and another variant overlapping with the Realst family. These attacks, uncovered by Jamf Threat Labs, utilize various tactics such as fake search engine ads redirecting users to counterfeit websites, which then prompt downloads of disguised disk images containing the malware. Once installed, the malware prompts users for their system passwords, facilitating the theft of sensitive information stored on their Macs.
One attack chain identified by researchers involves users searching for Arc Browser on popular search engines, leading them to bogus ads and look-alike websites serving the malicious software. Additionally, a phony website called meethub[.]gg offers supposed free group meeting scheduling software but installs another piece of stealer malware disguised as a macOS login password prompt. These tactics underscore the increasingly sophisticated methods employed by cybercriminals to target macOS users and harvest their sensitive data.
Jamf Threat Labs warns that these attacks often masquerade as job opportunities or podcast interviews, targeting individuals in the cryptocurrency industry who may possess valuable assets. Furthermore, researchers caution that macOS environments are increasingly vulnerable to stealer attacks, with threat actors employing sophisticated anti-virtualization techniques to evade detection. As such, vigilance and robust cybersecurity measures are crucial for macOS users to safeguard against these evolving threats.