Date: 2023-05-03

We have seen companies offering SaaS (Software as a Service) to potential corporate clients such as banks, customer care enterprises, and business establishments. Now cybercriminals are working on a similar model, offering malware to the highest bidders.

Renowned cyber security firm Cyble Research and Intelligence Labs (CRIL) has uncovered a thriving malware market on the Telegram messenger platform. The bad actors are apparently selling Atomic macOS Stealer (AMOS). As the name implies, it is developed to break macOS and steal sensitive information from victims' Apple Mac devices.

AMOS is capable of retrieving sensitive information such as keychain passwords and complete system information. It can go through the system undetected, looking into files and the Documents folder, and can even obtain the macOS password.

That's not all: it can even log users' keystrokes while they browse the internet, and it can lift user IDs and passwords from auto-fill forms, cookies, wallets, and credit or debit card information stored in the browser app.

Cyble noted that AMOS will specifically target crypto wallets such as Electrum, Binance, Exodus, Atomic, and Coinomi.

As noted above, the threat actors are not selling AMOS as just a standalone piece of malware; they offer it as a subscription-like service for $1000 a month. Depending on requirements, they will offer more features too.

This is an alarming issue, as macOS is much safer than any other platform in the industry. Mac device owners are advised not to install any software from outside the Apple App Store, whether from a third-party store or an unknown website.

Also, users should exercise caution when clicking any website link in an SMS, other message, or email, whether it comes from a known or an unknown person.

And, as a precautionary measure, install an anti-virus application from a known publisher.