1/16/2024 0 Comments For android instal ATOMIC![]() Information about these libraries, the tradeoffs involved, and how to use them. (The story has been updated after publication to include details of a new variant discovered by SentinelOne.The NDK supports multiple C++ runtime libraries. "As many Mac devices lack good external security tools that can provide both visibility and protection, there is plenty of opportunity for threat actors to develop and market tools to aid cybercriminals." "Infostealers targeted at Mac users have become increasingly viable for threat actors now that Macs have reached widespread use in organizations, both for work and personal use," SentinelOne researcher Phil Stokes said. ![]() Instead, it opts to steal as much information as possible in what's a smash-and-grab attack. The identity of the threat actor behind Atomic Stealer is currently unknown.Īnother significant trait of Atomic Stealer is its lack of persistence mechanism due to a macOS Ventura feature that alerts users when new apps or services are added to the list of "login items" that are automatically executed when the device starts. The new version masquerades as a game installer and incorporates a "larger number of functions focusing on Firefox and Chromium browsers" but at the same time leverages game-related lures to target cryptocurrency users.Īdditionally, the presence of grammatical and spelling errors is an indication that the developer's first language is likely not English. SentinelOne, in a follow-up analysis published earlier this week, disclosed details of a previously unreported second variant of Atomic Stealer and the use of Google Ads as a distribution vector for the malware. The development is another sign that macOS is increasingly becoming a lucrative target beyond nation-state hacking groups to deploy stealer malware, making it imperative that users only download and install software from trusted sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via emails or SMS messages. The ZIP file of the compiled information is then sent to pre-configured Telegram channels. "Malware such as the Atomic macOS Stealer could be installed by exploiting vulnerabilities or hosting on phishing websites," Cyble noted.Ītomic then proceeds to harvest system metadata, files, iCloud Keychain, as well as information stored in web browsers (e.g., passwords, autofill, cookies, credit card data) and crypto wallet extensions, all of which are compressed into a ZIP archive and sent to a remote server. Other samples unearthed by the MalwareHunterTeam have been distributed as " Photoshop CC 2023.dmg" and " Tor Browser.dmg." The Atomic stealer artifact, submitted to VirusTotal on April 24, 2023, also bears the name "Notion-7.0.6.dmg," suggesting that it's being propagated as the popular note-taking app. The initial intrusion vector used to deliver the malware is immediately not clear, although it's possible that users are manipulated into downloading and executing it under the guise of legitimate software. The malware takes the form of an unsigned disk image file (Setup.dmg) that, when executed, urges the victim to enter their system password on a bogus prompt to escalate privileges and carry out its malicious activities - a technique also adopted by MacStealer. From USER to ADMIN: Learn How Hackers Gain Full Controlĭiscover the secret tactics hackers use to become admins, how to detect and block it before it's too late.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |