#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Maximizing Efficiency and Security in Government Cloud Environments

Atomic Stealer | Breaking Cybersecurity News | The Hacker News

Category — Atomic Stealer
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Jun 06, 2025 Malware / Endpoint Security
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer ( AMOS ) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation," security researcher Koushik Pal said in a report published this week. "The script uses native macOS commands to harvest credentials, bypass security mechanisms, and execute malicious binaries." It's believed that the activity is the work of Russian-speaking cybercriminals owing to the presence of Russian language comments in the malware's source code. The starting point of the attack is a web page that impersonates Spectrum ("panel-spectrum[....
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Mar 30, 2024 Malware / Cryptocurrency
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs  said  in a report published Friday. One such attack chain targets users searching for Arc Browser on search engines like Google to serve bogus ads that redirect users to look-alike sites ("airci[.]net") that serve the malware. "Interestingly, the malicious website cannot be accessed directly, as it returns an error," security researchers Jaron Bradley, Ferdous Saljooki, and Maggie Zirnhelt said. "It can only be accessed through a generated sponsored link, presumably to evade detection." The disk image file downloaded from the counterfeit website ("ArcSetup.dmg") delivers  Atomic Stealer , which i...
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Jan 11, 2024 Malvertising / Cyber Attacks
Cybersecurity researchers have identified an updated version of a macOS information stealer called  Atomic  (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules," Malwarebytes' Jérôme Segura  said  in a Wednesday report. Atomic Stealer  first emerged  in April 2023 for a monthly subscription of $1,000. It's capable of harvesting sensitive information from a compromised host, including Keychain passwords, session cookies, files, crypto wallets, system metadata, and the machine's password via a fake prompt. Over the past several months, the malware has been observed propagated via  malvertising  and  compromised sites  under the guise of legitimate software and web browser updates. Malwarebytes' latest analysis shows th...
cyber security

Navigating the Maze: How to Choose the Best Threat Detection Solution

websiteSygniaThreat Detection / Cybersecurity
Discover how to continuously protect your critical assets with the right MDR strategy. Download the Guide.
AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

May 27, 2025Artificial Intelligence / Cloud Identity
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot's code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies now juggle at least 45 machine identities for every human user . Service accounts, CI/CD bots, containers, and AI agents all need secrets, most commonly in the form of API keys, tokens, or certificates, to connect securely to other systems to do their work. GitGuardian's State of Secrets Sprawl 2025 report reveals the cost of this sprawl: over 23.7 million secrets surfaced on public GitHub in 2024 alone. And instead of making the situation better, repositories with Copilot enabled the leak of secrets 40 percent more often .  NHIs Are Not People Unlike human beings logging into systems, ...
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer

ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer

Nov 22, 2023 SEO poisoning / Malware Analysis
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura  said  in a Tuesday analysis. Atomic Stealer (aka AMOS),  first documented  in April 2023, is a commercial stealer malware family that's sold on a subscription basis for $1,000 per month. It comes with capabilities to siphon data from web browsers and cryptocurrency wallets. Then in September 2023, Malwarebytes  detailed  an Atomic Stealer campaign that took advantage of malicious Google ads, tricking macOS users searching for a financial charting platform known as TradingView into downloading the malware. ClearFake, on the other hand, is a nascent malware distribution operation that employs comp...
Expert Insights Articles Videos
Cybersecurity Resources