Attackers are actively targeting macOS users through malicious advertisements and fake websites that deliver two different stealer malware families, one of them Atomic Stealer. The campaigns, built to compromise Macs, are focused on stealing sensitive data such as saved credentials and cryptocurrency wallet contents.
The attackers use several lures to get macOS users to download the malware. One targets people searching for Arc Browser on search engines such as Google: a bogus sponsored ad redirects them to a look-alike site (“airci[.]net”) that hosts the malicious download.
Notably, the site only serves its content when reached through the generated sponsored link; a direct visit to the domain does not, which keeps URL scanners and researchers from easily fetching the payload. The disk image downloaded from the fake site (“ArcSetup.dmg”) contains Atomic Stealer, which shows a fake password dialog to capture the user's login password and then uses it to unlock and exfiltrate data.
The researcher also discovered a fake website, meethub[.]gg, that claims to offer free group meeting scheduling software but actually installs a second stealer. This malware harvests keychain data, credentials saved in web browsers, and cryptocurrency wallet data; it obtains the macOS login password it needs to read the keychain by prompting the user through an AppleScript dialog.
These attacks often target individuals in the cryptocurrency industry: the victim is offered a job opportunity or podcast interview, then asked to download the app from meethub[.]gg to join a video conference linked in the meeting invite.
Separately, the researcher found malicious DMG files (“App_v1.0.4.dmg”) deploying a stealer that extracts credentials and data from a range of applications. That sample fetches an obfuscated AppleScript and bash payload from a Russian IP address and uses it to prompt the victim for the system password.
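The common thread in all three campaigns is the password-phishing step: a dropped shell script runs an AppleScript dialog with a hidden answer field, and the captured password is then used (typically checked first, so the stealer does not waste its single chance on a typo) before the keychain is read. The following is an added detection example, not code from the article or from any vendor report. It assumes process-execution telemetry with the fields shown (pid, ppid, parent image, executable path, full command line); the field names, the sample events and the use of `dscl -authonly` as the verification command are this example's own assumptions, chosen because that is the usual way a script checks a macOS password without a GUI.

```python
"""Detect the osascript password dialog -> credential check chain in process telemetry.

Added example. Telemetry field names are this example's own; the events below are
constructed to resemble the article's description, not captured from a real host.
"""
import re
from dataclasses import dataclass

# Constructed sample telemetry: events 4101/4102 imitate a shell-dropped password
# phish under parent 4100; 4103 is benign; 4105 is a hidden-answer dialog from an
# admin script with no follow-up credential check (flagged, but at lower severity).
SAMPLE_EVENTS = [
    {"pid": 4101, "ppid": 4100, "parent": "bash", "exe": "/usr/bin/osascript",
     "cmdline": ("osascript -e 'display dialog \"macOS needs your password to continue.\" "
                 "default answer \"\" with title \"System Preferences\" with icon caution "
                 "with hidden answer'")},
    {"pid": 4102, "ppid": 4100, "parent": "bash", "exe": "/usr/bin/dscl",
     "cmdline": "dscl . -authonly jdoe hunter2"},          # constructed username/password
    {"pid": 4103, "ppid": 1, "parent": "launchd", "exe": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display notification \"Build finished\" with title \"CI\"'"},
    {"pid": 4105, "ppid": 9000, "parent": "sh", "exe": "/usr/bin/osascript",
     "cmdline": ("osascript -e 'display dialog \"Enter VPN passphrase\" default answer \"\" "
                 "with hidden answer'")},
]

# AppleScript dialog whose answer field is masked, i.e. a password prompt.
HIDDEN_ANSWER_RE = re.compile(r"display\s+dialog\b.*\bwith\s+hidden\s+answer\b", re.S)
# dscl <node> -authonly <user> <password>: a non-interactive password check.
AUTHONLY_RE = re.compile(r"\bdscl\b\s+\S+\s+-authonly\b")


@dataclass
class Finding:
    rule: str
    severity: str
    pids: list
    detail: str


def redact_authonly(cmdline: str) -> str:
    """Mask the password argument so alerts do not carry the victim's credential."""
    return re.sub(r"(-authonly\s+\S+\s+)\S+", r"\1***", cmdline)


def detect(events):
    """Return per-event findings plus a high-severity finding when a hidden-answer
    dialog and a dscl -authonly check share the same parent process."""
    findings = []
    prompts_by_parent, auth_by_parent = {}, {}
    for ev in events:
        cmd = ev["cmdline"]
        if ev["exe"].endswith("/osascript") and HIDDEN_ANSWER_RE.search(cmd):
            prompts_by_parent.setdefault(ev["ppid"], []).append(ev["pid"])
            findings.append(Finding("osascript_hidden_answer_dialog", "medium", [ev["pid"]],
                                    f"password-style dialog from parent {ev['parent']}"))
        if ev["exe"].endswith("/dscl") and AUTHONLY_RE.search(cmd):
            auth_by_parent.setdefault(ev["ppid"], []).append(ev["pid"])
            findings.append(Finding("dscl_authonly", "medium", [ev["pid"]],
                                    f"credential check: {redact_authonly(cmd)}"))
    # Correlation: the same parent both asked for a password and then tested one.
    for ppid in prompts_by_parent.keys() & auth_by_parent.keys():
        findings.append(Finding("password_prompt_then_verify", "high",
                                prompts_by_parent[ppid] + auth_by_parent[ppid],
                                f"dialog and -authonly check share parent pid {ppid}"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f.severity.upper(), f.rule, f.pids, f.detail)
```

The hidden-answer dialog alone is only medium severity because legitimate admin scripts use it too; what makes the chain distinctive is a password-style dialog and a password check coming from the same shell parent, which has no normal reason to happen on an end-user Mac right after a new app is launched. Command-line matching is evaded when the AppleScript is piped in via stdin or read from a file, which the obfuscated samples in these campaigns may well do, so pair this with file-content or script-execution telemetry rather than relying on it alone.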
These findings highlight the growing threat that stealer malware poses to macOS environments, with some strains using anti-virtualization checks to avoid running inside analysis sandboxes. Malvertising campaigns targeting Windows users have been observed in the same period, pushing information stealers such as Rhadamanthys through decoy sites for popular software.
To avoid falling victim, macOS users should treat sponsored search results for software downloads with suspicion and instead type the vendor's address directly, since every campaign described here begins with a bogus ad or a look-alike domain. A freshly installed app that immediately asks for your macOS login password in a plain dialog box is the tell-tale sign of these stealers and should be closed rather than answered; if a password has already been entered, change it and the credentials stored in the keychain and browsers. Keeping macOS and applications up to date still matters, though note that these attacks rely on social engineering rather than on unpatched vulnerabilities, so patching alone does not stop them. Reputable security software that scans downloads and flags known stealer samples adds a further layer. Together these measures significantly reduce the risk of malicious ads delivering stealer malware to a Mac.