February 10, 2025
Password-theft malware poses a new threat, and Mac users must be extra watchful. This new generation of malware preys on users’ trust through malicious advertisements and fake app installers. Cybersecurity analysts have identified three major threats: Atomic Stealer, Poseidon Stealer, and the ironically named Cthulhu Stealer. Each has a distinctive modus operandi and distribution method.
Security experts at Palo Alto Networks’ Unit 42 have been closely monitoring these threats and warn that they are becoming increasingly sophisticated.
Let’s examine how these stealers work and how users can guard themselves.
So, what are these three malware threats? Let’s go through them:
First found in April 2023, Atomic Stealer (AMOS) is a malware-as-a-service (MaaS) offered on hacker forums and Telegram. Originally written in Go, it has since been updated to C and occasionally includes Python scripts or Mach-O binaries.
Atomic Stealer mainly spreads via malvertising and focuses on exfiltrating sensitive data including:
Once launched, the malware disguises itself as a legitimate installation file and tries to access Google Chrome’s stored login credentials from the “Login Data” folder.
Poseidon Stealer is believed to have been developed by “Rodrigo4,” an alleged former Atomic Stealer developer. It typically arrives as a Trojanized installer – in many cases advertised on Google or through phishing emails, impersonating legitimate apps.
During the installation, Poseidon Stealer employs an obfuscated AppleScript and asks for user passwords in order to gain access to macOS. Once access is gained, Poseidon pilfers browser passwords, crypto wallets, Telegram data and Notes files, which are sent back to the attacker-controlled server.
Cthulhu Stealer also joins the fray; it is actively sold through Telegram by a group that calls itself the “Cthulhu Team.” It is written in Go and distributed through malicious applications that unprotected users install.
The malware uses fake pop-up dialogs to convince victims to enter their passwords, including MetaMask credentials. It first saves the stolen data to the /Users/Shared/NW directory and then sends it to a command-and-control server.
To counter these increasing threats, experts advise using advanced detection tools like Cortex XDR to monitor unusual AppleScript executions and detect attempts at accessing sensitive files.
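The kind of monitoring described above can be sketched as detection rules over endpoint telemetry. This is an added example, not code from Unit 42 or Cortex XDR; the event schema (type, process, args, path, origin), the browser allowlist and the sample events are assumptions constructed for illustration.

```python
import re

# Behaviours taken from the article's descriptions of the three stealers.
STAGING_DIR = "/Users/Shared/NW"  # staging directory named for Cthulhu Stealer
CHROME_LOGIN_DATA = re.compile(
    r"/Library/Application Support/Google/Chrome/[^/]+/Login Data$")
# AppleScript that opens a dialog with a masked input field (password prompt).
PASSWORD_PROMPT = re.compile(r"display dialog.*hidden answer", re.I | re.S)
BROWSER_PROCS = {"Google Chrome", "Google Chrome Helper"}  # assumed allowlist

def classify(event):
    """Return the rule names that one telemetry event (a dict) matches."""
    hits = []
    kind, proc = event["type"], event.get("process", "")
    path = event.get("path", "")
    if kind == "exec" and proc == "osascript":
        if PASSWORD_PROMPT.search(event.get("args", "")):
            hits.append("applescript_password_prompt")
    if kind in ("open", "read") and CHROME_LOGIN_DATA.search(path):
        if proc not in BROWSER_PROCS:
            hits.append("non_browser_reads_chrome_login_data")
    if kind in ("create", "write"):
        if path == STAGING_DIR or path.startswith(STAGING_DIR + "/"):
            hits.append("write_to_known_staging_dir")
    return hits

def triage(events):
    """Group hits by originating app: a chain of behaviours is a stronger signal."""
    by_origin = {}
    for ev in events:
        for rule in classify(ev):
            by_origin.setdefault(ev["origin"], set()).add(rule)
    return {origin: sorted(rules) for origin, rules in by_origin.items()}

# Constructed sample events (hypothetical names; not captured from real malware).
SAMPLE_EVENTS = [
    {"type": "exec", "process": "osascript", "origin": "FakeInstaller.app",
     "args": 'display dialog "Enter your password" default answer "" with hidden answer'},
    {"type": "open", "process": "FakeInstaller", "origin": "FakeInstaller.app",
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"type": "write", "process": "FakeInstaller", "origin": "FakeInstaller.app",
     "path": "/Users/Shared/NW/out.txt"},
    {"type": "open", "process": "Google Chrome", "origin": "Google Chrome.app",
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"type": "exec", "process": "osascript", "origin": "Automator.app",
     "args": 'tell application "Finder" to activate'},
]

if __name__ == "__main__":
    for origin, rules in triage(SAMPLE_EVENTS).items():
        print(origin, "->", ", ".join(rules))
```

Chrome reading its own credential store and an ordinary osascript call produce no hits; only the constructed installer, which shows all three behaviours, is reported.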
Meanwhile, you can follow these measures to stay secure:
With the rise of password-stealing malware, Mac users should remain wary and take the initiative to secure sensitive information.
This malware spreads through innocuous-looking advertisements, fake emails, or hidden in software downloads. However, AVP Password shields your credentials and keeps your digital identity exclusively yours.
Here’s how:
AVP Password Manager specializes in recognizing key loggers and stopping them from capturing your password as you type, and it auto-fills your credentials on trusted websites.
AVP Password Manager continuously scans the dark web and alerts you if your credentials are found to be part of a data breach, allowing you to take action before hackers do.
Your passwords are stored in a secure password manager using end-to-end encryption, so your data remains safe against any leak or malware attack.
Regular security scans detect weak, reused, or compromised passwords, strengthening your email security and data protection.
AVP Total Security protects you against emerging cyber threats with advanced malware protection and a secure password manager, thus seamlessly handling your online accounts.
The cross-platform and user-friendly password manager helps generate complex passphrases and stores them easily for strong data protection, while the program provides full antivirus functionality to help you stay vigilant 24/7.
Let AVP Total Security keep your digital life secure and easy to manage in an ever-changing cyber world.
Stay one step ahead of cybercriminals—protect your credentials with AVP Password Manager today!