Mac users were exposed to Atomic Stealer malware via malicious Google search ads

This year we have seen the release of a new powerful malware called Atomic macOS Stealer (AMOS) that specifically targets Apple users. Now, in the latest development, AMOS has been found in malicious ads for Google searches. Here’s how to avoid this threat and help others do the same.

This story is supported by MosyleApple’s only unified platform. Mosyle is the only solution that fully integrates five different apps on a single Apple-only platform, allowing businesses and schools to easily and automatically deploy, manage, and protect all of their Apple devices. More than 38,000 organizations benefit from Mosyle solutions to automate the deployment, management, and security of millions of Apple devices every day. Request a free account today And find out how you can put your Apple fleet on autopilot at a price that’s hard to believe.

The latest version of Atomic macOS Stealer has been spotted by researchers at Malwarebytes in what it considers a “malicious ad campaign”.

Malwarebytes reports that the majority of these recent malware campaigns have targeted Windows, but the new Atomic Stealer has the potential to target both Windows and Mac.

As a quick refresher, once your Mac is infected with the AMOS virus, it can steal iCloud Keychain passwords, credit card information, files, crypto wallets, and more (read more details in our previous coverage).

Here’s how the new malicious ad campaign to hack Macs works:

• Malicious ads for Google searches target Mac users
• Phishing websites trick victims into downloading what they think is the app they want
• Malware is bundled into a specially signed app, so Apple can’t deactivate it
• The payload is a new version of the modern Atomic Stealer for OSX (macOS)

To beat Google Ads quality checks, Malwarebytes believes that threat actors use compromised ad accounts to buy ads that lead to phishing sites.

For a detailed look at the mechanics of this malicious ad campaign, see the full post from Malwarebytes.

How to protect against Atomic macOS Stealer

The good news is that this particular attack is highly preventable…

• Do not download software from untrusted or unknown sources
• Be careful if an app asks you to bypass macOS GateKeeper protections
• If you want to download an app outside of Apple’s Mac App Store, check when the website was created

How to check your Mac for malware

If you want to scan your Mac for malware or adware, Malwarebytes offers a free app (for individuals) to find and remove it.

More options include CleanMyMac X, Norton, and McAfee. Read more tips in our full guide on: