A toolkit for data theft as a service was recently reported on by researchers at the dark web monitoring firm Cyble. They discovered the toolkit being sold in a clandestine Telegram group. The fact that this “service” was created particularly to aid would-be cybercriminals in targeting Mac users is one peculiar feature about it.
The name of the malware vendors’ “product,” Atomic macOS Stealer (abbreviated AMOS), made it plain that they were targeting Apple users. Ironically, the only browser that isn’t listed is Apple’s own Safari, but the vendors assert that they can access data from Chrome, Firefox, Brave, Edge, Vivaldi, Yandex, Opera, and Opera’s gamer-focused browser, OperaGX.