MacOS infostealers rising sharply: stolen data putting enterprises at risk

Between the last two quarters, macOS malware detections doubled, fueled by the surge of infostealer strains designed to siphon sensitive user data, an investigation by Palo Alto Networks' Unit 42 reveals.

Ernestas Naprys, Senior Journalist
Feb 5, 2025 (updated: 5 February 2025)

  • Atomic Stealer (AMOS): Discovered in April 2023, this malware-as-a-service is sold on illicit hacker forums. Operators usually distribute it via malicious ads (malvertising). AMOS can steal notes and documents, browser data (including passwords, cookies, and more), crypto wallets, and instant messaging data.
  • Poseidon Stealer: Considered to be a fork of Atomic Stealer. Hackers deliver it via Trojanized installers that mimic legitimate apps. Google ads and malicious spam emails are often abused for distribution. Poseidon prompts users with a dialog box to get their password. It also gathers system information, browser passwords and cookies, crypto wallets, credentials and notes from the Notes app, Telegram data, and passwords from the Bitwarden and KeePassXC managers.
  • Cthulhu Stealer: Another popular malware-as-a-service, which propagates via malicious app installers. It prompts users to enter passwords and also collects a broad range of information. Besides the data targeted by other infostealers, Cthulhu also gathers files with multiple extensions, FileZilla configuration files, data related to Minecraft, the gaming platform Battle.net, and more.