Atomic Stealer, a prominent malware-as-a-service targeting macOS, has become a significant threat due to its advanced features and active affiliate-driven campaigns. Initially emerging in April 2023, the malware has undergone regular updates, enhancing its ability to steal sensitive information such as passwords, credit card details, cryptocurrency data, and authentication cookies. Its growing popularity among cybercriminals is evident, as it ranks as the third most detected macOS malware in 2024, accounting for 9% of all detections. Recent updates have expanded its scope, allowing it to target new web browsers like Arc and Chrome Canary and cryptocurrency wallets such as Ledger Live and Wasabi.
One of the standout features of Atomic Stealer is its ability to steal seed phrases by replacing legitimate applications like Ledger Live with malicious versions. It has also added support for targeting Monero cryptocurrency, capitalizing on its ease of mining compared to Bitcoin or Ethereum. The malware’s focus on web browsers is particularly alarming, as it seeks sensitive data like autofill credentials and stored passwords. Additionally, Atomic Stealer now targets over 100 browser extensions, further increasing the risk for both individual and corporate macOS users.
The rise of Atomic Stealer reflects a shift in the macOS malware landscape, historically dominated by adware like VSearch and browser hijackers such as Genieo. Its emergence coincides with an increase in malvertising campaigns and fake browser updates, which serve as key distribution channels. These campaigns lure victims through deceptive ads or fake security update prompts, tricking them into downloading malware. Such methods have become increasingly effective as Macs gain market share and attract more attention from cybercriminals.
Experts view Atomic Stealer’s success as indicative of a broader evolution in macOS threats. The malware’s adaptability, frequent updates, and reliance on a malware-as-a-service model signal a departure from traditional macOS threats. With Apple’s growing user base and the increasing sophistication of cybercriminal tactics, the threat landscape for Mac users is changing rapidly. Atomic Stealer has set a new standard for macOS malware, posing a persistent and evolving risk to users worldwide.
Reference:
