If you are a macOS user, you should pay attention to a newly discovered piece of malware. It is called Atomic Stealer and it can steal various types of information from your machine, including your Keychain passwords, system information, files from your desktop and documents folder, and even your macOS password.
Atomic Stealer is being advertised on Telegram by its developers for $1,000 per month. It joins the likes of MacStealer, another macOS malware that uses a similar technique to steal data from compromised devices.
According to Cyble researchers, who published a technical report on the malware, Atomic Stealer can also extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. The malware comes with a ready-to-use web panel for managing the victims.
The malware is distributed as an unsigned disk image file (Setup.dmg) that masquerades as legitimate software such as Notion, Photoshop CC 2023, or Tor Browser. When the user executes the file, it prompts them to enter their system password on a fake dialog box to escalate privileges and carry out its malicious activities.
The malware then proceeds to harvest system metadata, files, iCloud Keychain, as well as information stored in web browsers (e.g., passwords, autofill, cookies, credit card data) and crypto wallet extensions. All the stolen data is compressed into a ZIP archive and sent to a remote server. The ZIP file is also sent to pre-configured Telegram channels.
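The harvest-compress-exfiltrate sequence described above is what a defender would correlate on, regardless of which decoy app the disk image pretends to be. The following is an added example, not code from the article or from Cyble's report: it assumes a constructed, simplified per-process event stream (the field names in SAMPLE_EVENTS are invented for this example, and real telemetry from EndpointSecurity, osquery or an EDR will differ) and flags any process that reads Keychain or browser data, writes a ZIP archive, and then opens a remote connection, with higher severity when the process is unsigned.

```python
"""Behavioural correlation for an Atomic Stealer-like pattern on macOS.

Added example with a constructed event format; it is not the article's or
Cyble's code. Each event is a dict: pid, proc, signed, event, target.
"""
from dataclasses import dataclass, field

# Locations the article says the stealer harvests: the Keychain and browser
# data (passwords, autofill, cookies). Matched as substrings of a file path.
SENSITIVE_PATH_MARKERS = (
    "/Library/Keychains/",
    "/Library/Application Support/Google/Chrome/",
    "/Library/Application Support/Firefox/",
    "/Library/Cookies/",
)


@dataclass
class ProcState:
    """Per-process evidence collected while scanning the event stream."""
    name: str
    signed: bool
    sensitive_reads: list = field(default_factory=list)
    zip_writes: list = field(default_factory=list)
    remote_connects: list = field(default_factory=list)


def is_sensitive(path: str) -> bool:
    return any(marker in path for marker in SENSITIVE_PATH_MARKERS)


def correlate(events):
    """Return one alert per process that completed all three stages:
    read sensitive data -> wrote a .zip -> connected to a remote host.
    A signed process that does the same thing still alerts, at lower severity,
    because signing alone does not prove the binary is benign.
    """
    procs = {}
    for ev in events:
        state = procs.setdefault(ev["pid"], ProcState(ev["proc"], ev["signed"]))
        kind, target = ev["event"], ev["target"]
        if kind == "file_read" and is_sensitive(target):
            state.sensitive_reads.append(target)
        elif kind == "file_write" and target.lower().endswith(".zip"):
            state.zip_writes.append(target)
        elif kind == "net_connect":
            state.remote_connects.append(target)

    alerts = []
    for pid, state in procs.items():
        if state.sensitive_reads and state.zip_writes and state.remote_connects:
            alerts.append({
                "pid": pid,
                "proc": state.name,
                "severity": "high" if not state.signed else "medium",
                "read": state.sensitive_reads,
                "archive": state.zip_writes,
                "remote": state.remote_connects,
            })
    return alerts


# Constructed sample stream: pid 4242 is an unsigned "Setup" binary behaving
# like the stealer; pid 300 is a signed browser reading its own cookie store.
# The 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"pid": 4242, "proc": "Setup", "signed": False, "event": "file_read",
     "target": "/Users/alice/Library/Keychains/login.keychain-db"},
    {"pid": 4242, "proc": "Setup", "signed": False, "event": "file_read",
     "target": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"pid": 4242, "proc": "Setup", "signed": False, "event": "file_write",
     "target": "/private/tmp/out.zip"},
    {"pid": 4242, "proc": "Setup", "signed": False, "event": "net_connect",
     "target": "203.0.113.10:443"},
    {"pid": 300, "proc": "Safari", "signed": True, "event": "file_read",
     "target": "/Users/alice/Library/Cookies/Cookies.binarycookies"},
    {"pid": 300, "proc": "Safari", "signed": True, "event": "net_connect",
     "target": "198.51.100.7:443"},
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Only the unsigned "Setup" process trips the rule: Safari reads a sensitive path and talks to the network, but never writes an archive, so requiring all three stages keeps ordinary browser activity out of the alert queue.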
This is not the first time that macOS users have been targeted by malware that can steal their passwords and crypto wallets. In March 2023, researchers from Trend Micro uncovered a new variant of XCSSET malware that could steal data from various apps such as Evernote, Skype, Telegram and WeChat.
The development of Atomic Stealer shows that macOS is increasingly becoming a lucrative target for cybercriminals who want to exploit the growing popularity of the operating system. Therefore, it is imperative that users only download and install software from trusted sources, enable two-factor authentication for their accounts, review app permissions, and refrain from opening suspicious links received via emails or SMS messages.
Google has also launched some new cybersecurity initiatives to strengthen vulnerability management and establish greater transparency measures around exploitation. The company said it’s forming a Hacking Policy Council along with Bugcrowd, HackerOne, Intel, Intigriti, and Luta Security to ensure new policies and regulations support best practices for vulnerability management and disclosure.
Google also said it’s committing to publicly disclose incidents when it finds evidence of active exploitation of vulnerabilities across its product portfolio. Additionally, the company said it’s instituting a Security Research Legal Defense Fund to provide seed funding for legal representation for individuals engaging in good-faith research to find and report vulnerabilities in a manner that advances cybersecurity.
The goal of these initiatives is to escape the “doom loop” of vulnerability patching and threat mitigation by focusing on the fundamentals of secure software development, good patch hygiene, and designing for security and ease of patching from the start.