MacOS malware: a new threat for Apple users
A sophisticated threat that endangers the security of Apple devices and sensitive user data
The Atomic Stealer malware for MacOS recently showed off a new ability: bypassing Gatekeeper, the operating system's built-in security check for downloaded software. The discovery was made by Malwarebytes researchers, who noticed the malware update. Atomic Stealer is an infostealer designed to capture passwords, Apple keychains, files, crypto wallets and more.
Distribution method via Google ads
Criminals using this malware mostly distribute it through illegitimate or cracked software files. However, they also employ other tactics, such as impersonating legitimate websites and taking advantage of ads displayed on search engines such as Google in order to lure victims. This was revealed by Jérôme Segura, a researcher at Malwarebytes. In a recently identified distribution campaign, the malware presented itself as the TradingView platform, which is very popular for monitoring financial markets. Potential victims were redirected by malicious ads to a phishing site that mimicked the legitimate platform's page.
Gatekeeper infection and bypass process
Within the phishing site, the page featured three download buttons. Those for Windows and Linux users triggered the download of a RAT hosted on Discord, while the one for Mac users downloaded Atomic Stealer from a third-party site. Once downloaded, the malware instructs the user how to open the file. However, the user is unaware that these instructions are designed to bypass the MacOS Gatekeeper. Unlike regular apps, the malware does not have to be copied to the Mac's Apps folder; it is mounted and executed as an ad hoc signed file. Through an endless cycle of password prompts, the malware wears victims down until they hand over their password.
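As an added defensive check (not code from the original article or from Malwarebytes), the script below triages an app bundle for the three traits just described: it runs from a mounted volume rather than the Apps folder, it carries only an ad hoc signature, and it still has the quarantine flag Gatekeeper relies on. The `codesign`, `spctl` and `xattr` commands are the standard macOS tools; the sample output and the "Installer" path are constructed, and the parsing is kept separate from command execution so it can be tested offline.

```python
"""Flag app bundles matching the mounted, ad hoc signed, quarantined pattern."""
import subprocess
from dataclasses import dataclass


@dataclass
class Verdict:
    adhoc: bool           # codesign reports Signature=adhoc (no Developer ID)
    gatekeeper_ok: bool   # spctl accepted the bundle for execution
    quarantined: bool     # com.apple.quarantine attribute is present
    mounted_volume: bool  # path lives under /Volumes (e.g. an opened DMG)

    def suspicious(self) -> bool:
        # Any one trait is common for developer builds; the combination is
        # what the campaign above relies on, so all three must hold.
        return self.adhoc and self.quarantined and self.mounted_volume


def classify(path: str, codesign_out: str, spctl_rc: int, xattr_out: str) -> Verdict:
    """Pure parser: interpret tool output without touching the system."""
    adhoc = any(line.strip() == "Signature=adhoc"
                for line in codesign_out.splitlines())
    return Verdict(
        adhoc=adhoc,
        gatekeeper_ok=(spctl_rc == 0),
        quarantined="com.apple.quarantine" in xattr_out.split(),
        mounted_volume=path.startswith("/Volumes/"),
    )


def _run(cmd):
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def triage(path: str) -> Verdict:
    """Live check on macOS; codesign writes its report to stderr."""
    _, cs_out = _run(["codesign", "-dv", "--verbose=4", path])
    rc, _ = _run(["spctl", "--assess", "--type", "execute", path])
    _, xa_out = _run(["xattr", path])  # lists attribute names, one per line
    return classify(path, cs_out, rc, xa_out)


# Constructed sample of codesign output for an ad hoc signed bundle.
SAMPLE_CODESIGN = """Executable=/Volumes/Installer/Installer.app/Contents/MacOS/Installer
Identifier=Installer
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+5 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""
```

Run `triage("/Volumes/<image>/<app>.app")` on a Mac to get a live verdict; `classify` alone reproduces the decision from saved tool output.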
Rise in popularity of MacOS malware
In recent years, cybercriminals have used Google search ads to direct users to websites that appear legitimate but actually distribute malware. With the growing use of Mac devices by consumers and businesses, Apple machines have become an attractive target for malware authors. While Mac malware is not yet as widespread as Windows malware, the developers of the Atomic Stealer toolkit have demonstrated a remarkable ability to evade detection. It is therefore important for users to be careful when downloading apps or programs, and to avoid unofficial or untrustworthy sources such as third-party sites.
09/07/2023 13:16
Marco Verro