Threat actors have been leveraging malicious ads and websites to facilitate ongoing information-stealing malware attacks against macOS devices, The Hacker News reports.
Intrusions deploying Atomic Stealer involved the targeting of individuals looking for Arc Browser lured to click on fraudulent ads redirecting to a spoofed website, according to a report from Jamf.
Attackers have also used another fake website purporting to have free group meeting scheduling software to target job seekers with another infostealer similar to the Realst malware. Such a payload not only enabled keychain data and browser credential exfiltration but also cryptocurrency wallet data exfiltration.
Researchers noted that the ongoing attacks have been primarily aimed at the cryptocurrency industry, which could yield significant payouts. Those in the industry should be hyper-aware that it's often easy to find public information that they are asset holders or can easily be tied to a company that puts them in this industry," said researchers.