Skip to main content

Mac users hit by Atomic Stealer malware via malicious Google Search ads

This year we’ve seen a powerful new malware launch called Atomic macOS Stealer (AMOS) that specifically targets Apple users. Now in the latest development, AMOS has been found in malicious ads for Google searches. Here’s how to avoid this threat and help others do the same.

This story is supported by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates five different applications on a single Apple-only platform, allowing businesses and schools to easily and automatically deploy, manage, and protect all their Apple devices. Over 38,000 organizations leverage Mosyle solutions to automate the deployment, management, and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.

“This

The latest instance of the Atomic macOS Stealer was spotted by researchers at Malwarebytes in what is considered a “malvertising campaign.”

Malwarebytes notes that the majority of these recent malicious campaigns have targeted Windows, but the new Atomic Stealer stands out as being able to target both Windows and Mac.

As a quick refresher, once a Mac is infected with AMOS, it can steal iCloud Keychain passwords, credit card information, files, crypto wallets, and more (read more details in our previous coverage).

Here’s how the new malvertising campaign works to compromise Macs:

  • Malicious ads for Google searches target Mac users
  • Phishing sites trick victims into downloading what they believe is the app they want
  • The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple
  • The payload is a new version of the recent Atomic Stealer for OSX (macOS)

To get around Google’s ad quality checks, Malwarebytes believes threat actors are using compromised ad accounts to buy the ads that lead to phishing sites.

For a detailed look at the mechanics of this malvertising campaign, check out the full post from Malwarebytes.

How to protect against Atomic macOS Stealer

The good news is this specific attack is very preventable…

  • Don’t download software from untrusted or unknown sources
  • Be wary if an app asks you to bypass macOS GateKeeper protections
  • If you do want to download an app outside Apple’s Mac App Store, check when the website was created

How to check your Mac for malware

If you want to do a checkup on your Mac to make sure there’s no malware or adware, Malwarebytes offers a free app (for individuals) to find and remove it.

More options include CleanMyMac X, Norton, and McAfee. Read more tips in our full guide on:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.