A recent cyber security report has revealed two ongoing information-stealing attacks, Atomic Stealer and Meethub, targeting macOS users. These attacks are being carried out using malvertising techniques to steal macOS passwords and crypto wallet credentials of victims.

Details of the Attacks

Jamf Threat Labs, a cyber security firm, has published a report uncovering these two ongoing cyber attacks. The attackers’ methods vary, but their end goal is the same – to steal sensitive private information, including passwords of macOS users. Most of these attackers have been targeting crypto traders in an attempt to get their hands on their crypto wallet ID passwords.

Atomic Stealer

The Atomic Stealer attack begins when users search for “Arc browser” on Google. Sponsored links that appear legitimate are displayed, but when clicked, users are redirected to a malicious site which prompts them to download the Arc Browser, which is actually the Atomic Stealer. This malicious website cannot be accessed directly, only through the sponsored link in Google search. Once inside a system, the Atomic Stealer runs an AppleScript payload to steal sensitive information.

Meethub

Meathub is another ongoing infostealer macOS attack. This attack is initiated through a website called meethub[.]gg, which appears to be an application for voice and video calls. Users are led to this site under the pretext of job offers or interviews for a possible podcast. On clicking the “try for free“ button on the platform, macOS users are prompted to download a 51-megabyte unsigned pkg. This stealer uses an AppleScript call to prompt users for macOS login passwords, copies the user’s keychain, and then uses an open-source chainbreaker tool to collect passwords.

The Rising Trend of Malvertising

Malvertising is a rising trend and a cause of concern for security experts worldwide. This technique involves injecting codes into innocent-looking ads. When users click these ads, they end up installing malware into their system, which can range from viruses and Trojans to spyware and info-stealers like Atomic Stealer. A report by Cyber Security Ventures estimates the cost of malvertising may reach $10.5 trillion by the end of 2025. From every 100 published ads, at least one contains malicious code.

Given these alarming trends, it is crucial for users to exercise caution when dealing with unsolicited links and ads.