Atomic Stealer

Malware updated a year ago (2024-11-29T14:00:27.685Z)
Download STIX
Preview STIX
The Atomic Stealer is a type of malware that poses a significant threat to macOS devices. This malicious software infiltrates systems, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once installed, it has the potential to steal personal information, disrupt operations, or hold data for ransom. A recent malvertising campaign has been identified as delivering a new version of the macOS Atomic Stealer. This campaign demonstrates the evolving nature of this threat and highlights the need for ongoing vigilance and robust cybersecurity measures. Several other macOS infostealers, such as the Atomic Stealer aka Amos, and RealStealer, have been spotted in the past year, according to SentinelOne. These variants contain Mach-O binaries that target specific browser extensions, further extending their reach and potential damage. The newly discovered variant of Atomic Stealer uses an Apple Script block that shows a high level of similarity with the second variant of RustDoor, another malware. Moreover, Cthulhu Stealer, a malware with similar functionality to Atomic Stealer, has led experts to speculate that both were likely created by the same developer. Despite macOS threats being less common than those to Windows and Linux, organizations with a significant number of macOS devices are likely at risk of having Atomic Stealer present in their environment. Data from 2022 and 2023 suggest that approximately 6% of all malware can be found on these systems. Atomic Stealer's consistent presence in Red Canary's top 10 lists throughout 2024 underscores its persistent threat. While not remarkable in itself, Atomic Stealer has paved the way for other malware like Cthulhu Stealer, which closely mimics its features, indicating the potential for future, similar threats.
Description last updated: 2024-11-01T03:02:41.928Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Amos is a possible alias for Atomic Stealer. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it
6
Clearfake is a possible alias for Atomic Stealer. ClearFake is a malicious software, or malware, that has been identified as a significant threat to cybersecurity. Its primary method of propagation is through fake browser updates, encouraging users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to in
2
Fakebat is a possible alias for Atomic Stealer. FakeBat, also known as Eugenloader and PaykLoader, is a unique malware loader that has been observed in several malvertising campaigns. The malware is often used to drop follow-up payloads such as Lumma stealer. It was first noticed on July 25, 2024, via a malicious ad for Calendly, a popular online
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Telegram
Malvertising
Infostealers
Windows
Infostealer
Maas
Malwarebytes
Safari
Encryption
Chrome
Antivirus
Payload
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clickfix Malware is associated with Atomic Stealer. ClickFix is a malicious software (malware) that has been actively exploiting computers and devices, primarily through fake WordPress plug-ins. The malware campaign leverages these bogus plug-ins to inject JavaScript that leads to ClickFix fake browser updates. These updates use blockchain and smart Unspecified
2
Source Document References
Information about the Atomic Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Malwarebytes
10 days ago
Malwarebytes
2 months ago
Securityaffairs
2 months ago
ESET
9 months ago
Unit42
9 months ago
BankInfoSecurity
a year ago
Bitdefender
a year ago
Securityaffairs
a year ago
DARKReading
a year ago
Securityaffairs
a year ago
Securityaffairs
a year ago
Malwarebytes
2 years ago
Securityaffairs
a year ago
Securityaffairs
a year ago
Securityaffairs
a year ago
Malwarebytes
a year ago
Securityaffairs
a year ago
Malwarebytes
a year ago
Securityaffairs
a year ago
Malwarebytes
a year ago