Atomic Stealer

Malware updated a month ago (2024-11-29T14:00:27.685Z)
The Atomic Stealer is a type of malware that poses a significant threat to macOS devices. It infiltrates systems, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once installed, it has the potential to steal personal information, disrupt operations, or hold data for ransom.

A recent malvertising campaign has been identified as delivering a new version of the macOS Atomic Stealer. This campaign demonstrates the evolving nature of this threat and highlights the need for ongoing vigilance and robust cybersecurity measures.

Several other macOS infostealers, such as the Atomic Stealer aka Amos, and RealStealer, have been spotted in the past year, according to SentinelOne. These variants contain Mach-O binaries that target specific browser extensions, further extending their reach and potential damage. The newly discovered variant of Atomic Stealer uses an AppleScript block that shows a high level of similarity with the second variant of RustDoor, another malware. Moreover, Cthulhu Stealer, a malware with similar functionality to Atomic Stealer, has led experts to speculate that both were likely created by the same developer.

Although macOS threats are less common than those targeting Windows and Linux, organizations with a significant number of macOS devices are likely at risk of having Atomic Stealer present in their environment. Data from 2022 and 2023 suggest that approximately 6% of all malware can be found on these systems. Atomic Stealer's consistent presence in Red Canary's top 10 lists throughout 2024 underscores its persistent threat. While not remarkable in itself, Atomic Stealer has paved the way for other malware like Cthulhu Stealer, which closely mimics its features, indicating the potential for future, similar threats.
Description last updated: 2024-11-01T03:02:41.928Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description, followed by votes:
Amos is a possible alias for Atomic Stealer. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it
Votes: 5
Clearfake is a possible alias for Atomic Stealer. ClearFake is a malicious software, or malware, that has been identified as a significant threat to cybersecurity. Its primary method of propagation is through fake browser updates, encouraging users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to in
Votes: 2
Fakebat is a possible alias for Atomic Stealer. FakeBat, also known as Eugenloader and PaykLoader, is a unique malware loader that has been observed in several malvertising campaigns. The malware is often used to drop follow-up payloads such as Lumma stealer. It was first noticed on July 25, 2024, via a malicious ad for Calendly, a popular online
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Malvertising
Telegram
Windows
Infostealers
Encryption
Safari
Chrome
Antivirus
Payload
Linux
Source Document References
Information about the Atomic Stealer Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created)
BankInfoSecurity (2 months ago)
Bitdefender (3 months ago)
Securityaffairs (5 months ago)
DARKReading (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Malwarebytes (a year ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Malwarebytes (6 months ago)
Securityaffairs (6 months ago)
Malwarebytes (6 months ago)
Securityaffairs (6 months ago)
Malwarebytes (7 months ago)
Securityaffairs (7 months ago)
DARKReading (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)