- Microsoft warns that macOS now faces a rapidly expanding ecosystem of malware and information stealers.
- Malicious actors use social engineering and malvertising to deliver DMG installers with variants such as DigitStealer, MacSync, and AMOS.
- Attackers target browser sessions, cloud tokens, and developer credentials, while abusing legitimate tools like WhatsApp and Google Ads for propagation.
The days when Windows was always the number one target for cybercriminals are over – as new research shows, macOS is just as important, with users facing a “rapidly expanding” ecosystem of malware, social engineering tactics and legitimate but weaponized tools.
A Microsoft report reveals that hackers are using social engineering techniques such as ClickFix (simulating a problem and offering a “solution”) and malicious advertising campaigns to deliver disk image installers (DMGs).
These installers then drop all kinds of malware, but a few variants stand out: DigitStealer, MacSync, and Atomic macOS Stealer (AMOS). Microsoft also said that cross-platform malware, such as that written in Python, accelerates information-stealer activity because it lets threat actors adapt quickly to mixed environments.
Long-term aggregation effort
Most of the time, scammers want to steal sensitive data. However, this no longer just means passwords: it also includes browser sessions, keychains, cloud tokens and developer credentials, since these secrets enable account takeover, supply chain compromise, BEC and ransomware attacks and, in some cases, direct cryptocurrency theft.
Microsoft has also observed abuse of legitimate tools and services. For example, hackers have compromised people’s WhatsApp accounts and then used them to spread information-stealing and other malware.
In other cases, Microsoft has seen malicious ad campaigns on the Google Ads network promoting a fake PDF editor that not only deploys an information stealer but also establishes persistence.
The company also shared a long list of recommendations and mitigations that businesses should follow, including educating employees about phishing, monitoring suspicious endpoint activity, and inspecting outbound network traffic for POST requests to newly registered or suspicious domains.
Additionally, businesses should enable cloud-delivered protection in Defender, deploy cloud-based machine learning protections, run EDR in block mode, and more.
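To make the network-egress recommendation concrete, here is an added example (not from the article or from Microsoft's report) that scans constructed proxy log lines and flags POST requests to domains registered within the last 30 days. The registration-date table, the 30-day threshold and the reference date are assumptions; in practice the lookup would query RDAP/WHOIS or a domain-age feed.

```python
import re
from datetime import date

# Log format assumed for this example: "<timestamp> <client-ip> <METHOD> <url> <bytes>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) '
    r'https?://(?P<host>[^/:\s]+)\S* (?P<bytes>\d+)$'
)

# Constructed registration dates standing in for a WHOIS/RDAP or domain-age feed.
REGISTRATION_DATES = {
    "update.example.com": date(2015, 3, 1),
    "cdn.example.net": date(2012, 7, 14),
    "quick-pdf-editor-dl.example": date(2025, 11, 2),
    "api-sync.example": date(2025, 11, 20),
}

MAX_AGE_DAYS = 30                    # "newly registered" threshold (assumption)
REFERENCE_DATE = date(2025, 11, 21)  # fixed "today" so the example is reproducible

# Constructed sample log; the last line is deliberately malformed to exercise parsing.
SAMPLE_LOG = [
    "2025-11-21T09:12:03Z 10.0.4.17 GET https://update.example.com/v2/check 512",
    "2025-11-21T09:12:09Z 10.0.4.17 POST https://quick-pdf-editor-dl.example/upload 184320",
    "2025-11-21T09:13:44Z 10.0.4.22 POST https://cdn.example.net/telemetry 2048",
    "2025-11-21T09:15:01Z 10.0.4.17 POST https://api-sync.example/k 61440",
    "2025-11-21T09:15:30Z 10.0.4.30 GET https://quick-pdf-editor-dl.example/dl.dmg 9000000",
    "not a log line",
]

def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_newly_registered(host, today=REFERENCE_DATE, max_age_days=MAX_AGE_DAYS):
    """True if the domain is younger than the threshold or has no registration record."""
    reg = REGISTRATION_DATES.get(host)
    if reg is None:
        return True  # unknown domain: treat as suspicious rather than silently allow
    return (today - reg).days <= max_age_days

def find_suspicious_posts(lines, today=REFERENCE_DATE):
    """Return (client, host, bytes) for each POST to a newly registered domain."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if is_newly_registered(rec["host"], today):
            hits.append((rec["src"], rec["host"], int(rec["bytes"])))
    return hits

if __name__ == "__main__":
    for src, host, size in find_suspicious_posts(SAMPLE_LOG):
        print(f"ALERT {src} POST {size} bytes to newly registered domain {host}")
```

Large POST bodies from one client to several young domains, as in the sample, are the pattern to triage first.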