Jamf Threat Labs has published a new report on infostealer malware that targets macOS users. The report details two malware attacks; the first is a novel implementation of the Atomic Stealer malware, while the second involves an approach in an online communications tool. Both attacks steal a user’s sensitive information, such as account usernames and passwords, and data from crypto wallets.

Update 4/1/24 at 11 a.m. PT: Jamf responded to our inquiry about the Meethub app in the App Store: “We don’t presently have any reason to believe the Meethub apps on Google Play and the Apple App Store are malicious.” The Meethub section of this article has been updated.

Atomic Stealer and Arc browser-sponsored ads

After Atomic Stealer is installed, a prompt appears that says that System configurations needs to be updated for the app – which the user thinks is Arc browser – to run. The user is required to enter the account password, allowing the malware to access Keychain’s information, which is sent to the attacker’s server.

As of this writing, it appears that the malicious websites have been reported to the hosting service and have been taken down. Going to aricl or airci dot net results in a webpage with the logo for FastPanel, a hosting management tool provided by web hosting services. It’s not known if Google has stopped distribution of the malicious ad.

Meethub malware

Jamf Threat Labs also reports on an attack involving online meeting software on meethub dot gg. An attacker reaches out to a target and requests to use Meethub, which the user downloads. As with the Atomic Stealer Arc download, the user is instructed to use Control-click > Open to install the software and bypass Gatekeeper.

After installation, the user is asked to enter their account password, which allows the malware to access Keychain and crypto wallet information. The data is then sent to the attacker’s server.

Jamf’s report on Meethub involves software downloaded from the web, but there is a Meethub app in the App Store that runs on iPhones and M-series Macs (and a Meethub app is in the Google Play store). In a reply to Macworld’s inquiry on this, Jamf replied, “We don’t currently have any cause to believe the Meethub apps on Google Play and the Apple App Store are malicious.”

How to avoid the new infostealer attacks

Apple’s Gatekeeper functionality prevents users from running unsigned software installers. When a user double-clicks an installer, Gatekeeper checks for the certificate issued by Apple to developers; the certificate tells Apple who the developer is and if it’s blacklisted, and if the software has been tampered with since leaving the developer for distribution. Users can bypass Gatekeeper warnings by Control-clicking an installer and selecting Open from the pop-up menu – if this method is required by the software developer, it’s a red flag.
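Instead of Control-clicking past the warning, you can ask Gatekeeper for its verdict from Terminal. The script below is an added example, not code from the Jamf report or from Macworld; the function names are hypothetical and the sample outputs are constructed in the format that `spctl` prints.

```shell
#!/bin/sh
# Added example: ask Gatekeeper for its verdict on a downloaded app
# before opening it, rather than using Control-click > Open.
# Usage on macOS, after loading these functions:  vet_app /path/to/Downloaded.app

# Map the text printed by `spctl --assess -vv` to a one-word verdict.
classify_assessment() {
    case "$1" in
        *": accepted"*)               echo "trusted" ;;      # signed and accepted
        *"no usable signature"*)      echo "unsigned" ;;     # no valid signature at all
        *"Unnotarized Developer ID"*) echo "unnotarized" ;;  # signed, never notarized
        *": rejected"*)               echo "rejected" ;;     # refused for another reason
        *)                            echo "unknown" ;;      # unrecognized output
    esac
}

# Run the assessment on a real path (macOS only).
# Returns 0 only when Gatekeeper accepts the app, 2 when spctl is missing.
vet_app() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found: run this on macOS" >&2
        return 2
    fi
    # spctl writes its assessment to stderr, so capture both streams.
    out="$(spctl --assess --type execute -vv "$app" 2>&1)"
    verdict="$(classify_assessment "$out")"
    echo "$app: $verdict"
    printf '%s\n' "$out" | sed 's/^/    /'
    [ "$verdict" = "trusted" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Users/me/Downloads/Example.app: rejected
source=no usable signature'
SAMPLE_UNNOTARIZED='/Users/me/Downloads/Example.app: rejected
source=Unnotarized Developer ID'
```

Any verdict other than `trusted` on an app you were told to open with Control-click > Open is the red flag described above.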

Apple releases security patches through OS updates, so installing them as soon as possible is crucial. And as always, when downloading software, get it from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and Trojans, and a comparison of Mac security software.