Threat actors have deployed a new malvertising campaign leveraging a fraudulent TradingView ad on Google search to facilitate the distribution of an updated version of the macOS information-stealing malware Atomic Stealer, also known AMOS, The Hacker News reports.
Such an ad redirects to a website with options to download the software for various operating systems, and while both Windows and Linux download links prompt the download of an MSIX installer deploying NetSupport RAT, clicking the macOS download link triggers the download of an updated Atomic Stealer that seeks to exfiltrate iCloud Keychain- and browser-stored data in addition to user files, according to a Malwarebytes report.
The new infostealer has been touted to have Gatekeeper protection evasion capabilities and comes amid the increasing prevalence of macOS-targeted stealers.
"While Mac malware really does exist, it tends to be less detected than its Windows counterpart. The developer or seller for AMOS actually made it a selling point that their toolkit is capable of evading detection," said Malwarebytes Director of Threat Intelligence Jerome Segura.
