
A significant threat targeting macOS users has seen a concerning upgrade. The Atomic macOS Stealer, also known as AMOS, has reportedly been updated to include a new backdoor capability.
This recent development introduces a method for the malware to achieve persistence on infected systems. Previously, while effective at data theft upon execution, the malware might not survive system reboots or user logouts without re-infection. The addition of a backdoor changes this, allowing the threat actor to maintain access and control over the compromised Mac long after the initial infection.
The stealer component of this threat is designed to exfiltrate sensitive information. This typically includes passwords and autofill data saved in browsers, cryptocurrency wallet details, system information, keychain data, and various files. With the new persistence feature, the malware can continuously collect and transmit this data over time without requiring further user interaction or successful re-delivery campaigns by the attacker.
This evolution makes the threat more dangerous and harder to eradicate from an infected device. Users should remain vigilant about the software they download and install, particularly from non-official sources or through suspicious advertisements. Employing reputable security software and keeping the operating system and applications updated are essential steps to mitigate the risk posed by sophisticated malware like this. The ability of attackers to maintain persistent access elevates the potential for long-term data compromise.
Source: https://www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/