Cybersecurity researchers have identified a significant rise in malware targeting macOS users, with infostealers emerging as the most prevalent threat.
These malicious programs, including Atomic Stealer, Poseidon Stealer, and Cthulhu Stealer, are designed to exfiltrate sensitive data such as passwords, financial details, and cryptocurrency wallets.
Infostealers abuse macOS's built-in AppleScript automation (typically run through the osascript command-line tool) to display fake system password prompts. Rather than defeating a protection, they simply ask the user for the login or keychain password, which can then be used to unlock protected data such as the keychain.

This tactic enables attackers to harvest critical information, often leading to data breaches, financial losses, and reputational damage.
Key Malware Families Targeting macOS
Atomic Stealer
First identified in 2023, Atomic Stealer is distributed as malware-as-a-service (MaaS) on hacker forums and Telegram.
This malware is typically spread via malvertising campaigns and disguised as legitimate software installers.
It targets browser data, cryptocurrency wallets, instant messaging platforms like Telegram, and sensitive documents.
Atomic Stealer uses fake system prompts to obtain the user's password and stages the stolen data locally before sending it to the attacker.
Poseidon Stealer
Poseidon Stealer emerged as a fork of Atomic Stealer and gained traction in 2024.

Distributed through trojanized installers via malicious ads and spam emails, Poseidon employs encoded AppleScript files to execute its operations.
It focuses on stealing browser cookies, passwords, cryptocurrency wallet information, and data from password managers like Bitwarden and KeePassXC.
The stolen information is transmitted to attacker-controlled servers for monetization or additional attacks.
Cthulhu Stealer
Cthulhu Stealer operates similarly but with an expanded target range.
Distributed via fake software installers such as “CleanMyMac,” it deceives users with prompts requesting system or cryptocurrency wallet passwords.
This malware collects browser credentials, keychain data, Telegram files, and even gaming-related information from platforms like Battle.net and Minecraft.
Stolen data is stored locally before being uploaded to a command-and-control server.
The surge in macOS-targeted malware highlights the evolving tactics of cybercriminals, who are increasingly taking advantage of the platform's growing adoption in corporate environments.
Infostealers not only compromise sensitive information but also serve as entry points for more severe threats like ransomware.
To combat these threats, security experts recommend implementing multi-layered defense strategies that include:
- Restricting and monitoring AppleScript execution, for example alerting when osascript displays a dialog that asks for a password
- Enhancing endpoint detection capabilities
- Conducting user training on phishing and social engineering risks
- Regularly updating software to patch vulnerabilities
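The fake-prompt mechanism described above and the endpoint-detection recommendation in the list both come down to the same observable: osascript rendering a "display dialog" with a masked ("hidden answer") input and credential-themed wording, sometimes delivered as a base64-obfuscated script. The following detector is an added example written for this page, not code from the article or from any of the named malware families or vendors. It assumes a hypothetical process-execution log in a "timestamp | user | command line" format standing in for an EDR process-creation event; the log lines are constructed for illustration.

```python
"""Flag osascript invocations that look like fake macOS credential prompts.

Added example for this article. The log format and sample lines are constructed
(hypothetical "timestamp | user | command line" records); the detection idea is
generic: a masked-input AppleScript dialog with credential wording, possibly
hidden behind base64 and piped into osascript.
"""
import base64
import re
from dataclasses import dataclass, field

# "display dialog ... default answer \"\" with hidden answer" is the AppleScript
# idiom that renders a password-style (masked) text field.
DIALOG_RE = re.compile(r"display\s+dialog", re.IGNORECASE)
HIDDEN_RE = re.compile(r"hidden\s+answer", re.IGNORECASE)
LURE_RE = re.compile(r"password|keychain|system (preferences|settings)|icloud|wallet", re.IGNORECASE)
# Long runs of base64 alphabet: obfuscated script bodies decoded and piped into osascript.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


@dataclass
class Finding:
    timestamp: str
    user: str
    severity: str
    reasons: list = field(default_factory=list)
    decoded: str = ""


def decode_base64_blobs(cmdline: str) -> str:
    """Decode every base64-looking chunk that yields UTF-8 text; ignore the rest."""
    chunks = []
    for m in B64_RE.finditer(cmdline):
        try:
            chunks.append(base64.b64decode(m.group(0), validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or binary payload: not a script body
    return "\n".join(chunks)


def score(text: str) -> list:
    """Collect the indicators present in a (possibly decoded) command line."""
    reasons = []
    if DIALOG_RE.search(text):
        reasons.append("display dialog")
    if HIDDEN_RE.search(text):
        reasons.append("hidden answer")
    if LURE_RE.search(text):
        reasons.append("credential lure wording")
    return reasons


def analyze_line(line: str):
    """Return a Finding for one log record, or None if it is ordinary automation."""
    ts, user, cmd = (p.strip() for p in line.split("|", 2))  # maxsplit keeps shell pipes intact
    if "osascript" not in cmd:
        return None
    decoded = decode_base64_blobs(cmd)
    reasons = score(cmd + "\n" + decoded)
    if decoded:
        reasons.append("base64-obfuscated script")
    # A masked input field is the core of a fake password prompt; a plain
    # "display dialog" notification is common in legitimate automation.
    if "hidden answer" not in reasons:
        return None
    severity = "high" if "credential lure wording" in reasons else "medium"
    return Finding(ts, user, severity, reasons, decoded)


def scan(lines):
    """Run analyze_line over a batch of records and keep the findings."""
    return [f for f in (analyze_line(line) for line in lines) if f]


# Constructed sample telemetry (hypothetical, not real logs). The fourth record
# builds its base64 payload at runtime so the obfuscated path is exercised.
_ENCODED_LURE = base64.b64encode(
    b'display dialog "Keychain access requires your password to continue" '
    b'default answer "" with hidden answer with icon caution'
).decode()

SAMPLE_LOG = [
    "2025-01-14T09:12:03Z | alice | osascript -e 'tell application \"Finder\" to activate'",
    "2025-01-14T09:15:44Z | alice | osascript -e 'display dialog \"Backup finished\" buttons {\"OK\"}'",
    "2025-01-14T09:31:07Z | alice | osascript -e 'display dialog \"macOS needs to update System Settings. "
    "Enter your password:\" default answer \"\" with hidden answer with icon caution'",
    "2025-01-14T09:31:09Z | alice | sh -c \"echo " + _ENCODED_LURE + " | base64 -d | osascript\"",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user} {f.severity}: {', '.join(f.reasons)}")
```

The first two records are benign (Finder automation and an informational dialog) and produce nothing; the third is the inline lure and the fourth is the same lure hidden in base64 and piped into osascript. In production the rule should additionally key on the parent process, since a dialog spawned by a freshly downloaded installer rather than by an interactive user session is a much stronger signal than the dialog text alone.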
A report by Palo Alto Networks' Unit 42 revealed a 101% increase in macOS infostealer activity during the second half of 2024, underscoring that Apple's operating system has become an increasingly attractive target.
The rise of infostealers serves as a stark reminder that no operating system is immune to cyberattacks. Proactive measures are essential to safeguard sensitive data against these rapidly evolving threats.