Cybersecurity researchers have detected an upgraded version of the macOS information stealer known as Atomic (or AMOS), suggesting an active effort by threat actors to enhance its capabilities. Malwarebytes’ Jérôme Segura reported that the update, implemented in mid-to-late December 2023, introduced payload encryption to evade detection measures. Atomic Stealer first emerged in April 2023 with a $1,000 monthly subscription and specializes in extracting sensitive information from compromised hosts, including Keychain passwords, session cookies, files, crypto wallets, system metadata, and even machine passwords obtained through deceptive prompts.
The evolution of Atomic Stealer reflects a continuous arms race between cybersecurity experts and malicious actors. The adoption of payload encryption in the recent update is a strategic move by the developers to heighten the malware’s stealth and resilience against detection. Over the past several months, Atomic Stealer has been distributed through malvertising and compromised sites, disguising itself as legitimate software and web browser updates to infiltrate unsuspecting systems.
The monetary aspect adds another layer to the threat: Atomic Stealer was initially offered as a subscription-based service for a substantial monthly fee. This underscores the lucrative nature of cybercrime, which incentivizes threat actors to continuously refine and update their tools. The report highlights the ongoing challenges cybersecurity professionals face in combating evolving threats and the need for robust defenses against increasingly sophisticated cyber attacks.