![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/05\/cryptocurrency-and-cookie-stealing-malware-600x400-1.jpg\")
<\/p>\n<\/p>\n
Intego is currently preparing an exclusive write-up on a new macOS data-stealer malware campaign. But while we prepare to publish that piece, we wanted to share highlights of some other recent developments regarding data-stealing malware families on the Mac.<\/p>\n
Here are some quick updates about three macOS stealer malware families: AtomicStealer, MetaStealer, and Realst Stealer.<\/p>\n
In this article:<\/em><\/p>\n According to a September 6 write-up<\/a> by J\u00e9r\u00f4me Segura, a recent Google Ads campaign appeared to have pushed AtomicStealer malware (also known as AMOS or AtomStealer).<\/p>\n The malicious Goodle Ads campaign targeted people searching for TradingView, a multi-platform app for tracking “stocks, currencies, cryptos, futures, CFDs and more.”<\/p>\n A lookalike site was set up that was nearly identical to the real TradingView Desktop download page. If victims clicked on the Windows download link, they would get an installer for Windows RAT malware called NetSupport. And if victims clicked on the Mac download link, they would get AtomicStealer instead.<\/p>\n As we mentioned in our May 2023 write-up about AtomicStealer<\/a>, it attempts to exfiltrate a lot of highly sensitive data from infected Macs. This includes passwords, stay-logged-in session cookies, and cryptocurrency wallets, among other things. Check out our previous coverage here:<\/p>\n Atomic Stealer: Thieving Mac malware sold via Telegram<\/a><\/p><\/blockquote>\n\n
\n
AtomicStealer update: a recent Google Ads campaign<\/h3>\n