Keylogger features have been incorporated into a new version of the Atomic Stealer macOS malware, which is also referred to as AMOS.
Keyloggers are software programs designed to capture and save every keystroke made on a computer. If an employee of a company accidentally installs the AMOS malware on their personal devices used for work (BYOD), the keylogger component will save all typed information, including usernames, passwords, bank account details, credit card numbers, and social media accounts. It is concerning that keyloggers can record all keystrokes, even those that are not visible on the screen.
According to SC Media, the enhanced version of AMOS now has the capability to collect Safari browser cookies, which aids in the more efficient extraction of hardware information, passwords, and encryption keys. Additionally, the new AMOS malware has incorporated various functionalities to enable the theft of browser data and assets from cryptocurrency wallets such as Atomic, Exodus, Coinomi, and Electrum. Furthermore, the operators of AMOS have taken measures to reinforce its resistance against detection and analysis.
The latest version utilizes a Python script and Apple Script to execute tasks for gathering user data covertly reports Apple Insider. It gets installed when a user downloads unauthorized software and installs it without going through the built-in digital signature verification process. Although AMOS continues to depend on users installing counterfeit software with a hidden payload in the .dmg file, it is becoming increasingly challenging to identify.
Data Breach Causing Malware
The data breach causing malware is concealed within unauthorized software downloads, infiltrates macOS due to user mistakes, and remains undetected by utilizing scripts as it pilfers confidential information. The latest iteration of AMOS is introduced to macOS in a similar manner as its predecessors. GBhackers.com state, users unknowingly land on a counterfeit app site, download the unauthorized program, try to execute the installation, receive guidance on circumventing macOS Gatekeeper and signature verifications, and proceed with the installation process. If the malware’s payload is now residing in an employee’s remote device (BYOD) linked to the company’s networks, the consequences could be disastrous.
To minimize the risk of businesses falling victim to keyloggers, it is crucial to prioritize knowledge and proactive defence. This can be achieved through various measures such as regularly updating software, implementing robust two-factor authentication, utilizing virtual keyboards, employing cutting-edge anti-keylogger tools, and conducting physical examinations.
SentryBay Protects Against Keylogger Payloads
“Protection against software-based keyloggers like AMOS, the most elusive kind of keylogger malware, is provided by SentryBay’s Armored Client solution,” said Brent Agar, VP Strategic Partnerships, SentryBay. “The Armored Client takes a layered approach to protecting endpoint devices being used remotely to access your business applications and data. Whether your employees or contractors are using unmanaged BYOD or managed endpoint devices, all your corporate apps are targeted on the endpoint and run in a secure session.”
