- A new cyber security report has uncovered two ongoing info-stealing attacks on macOS users: Atomic Stealer and Meethub
- Hackers are using malvertising techniques to steal macOS passwords and crypto wallet credentials of victims
A cyber security firm, Jamf Threat Labs, has published a report uncovering two ongoing cyber attacks targeting macOS users.
The modus operandi of the two attacks is quite different. However, the end goal is the same: to steal sensitive private information, including the passwords of macOS users.
Most of these attackers have been targeting crypto traders in an attempt to get their hands on their crypto wallet ID passwords.
Atomic Stealer
When you search for “Arc browser” on the Google search engine, you’ll see some sponsored links that seem legitimate at face value. However, on clicking one of these, users are redirected to a malicious site that prompts them to download the Arc Browser, which in reality is the Atomic Stealer.
Once inside your system, the Atomic Stealer runs an AppleScript payload to steal sensitive information. You will see a dialogue box prompting you to enter your macOS password (which you shouldn’t).
Meethub
Meethub is another ongoing infostealer attack on macOS. Jamf Threat Labs observed an attempted execution of an unsigned executable with a mismatched application name and executable name, which raised suspicions.
Further investigation led the team to a website called meethub[.]gg.
As the name suggests, Meethub appears to be an application to hold voice and video calls. On clicking the “try for free” button on the platform, macOS users are prompted to download a 51-megabyte unsigned pkg.
- Just like Atomic Stealer, this particular stealer also uses an AppleScript call to prompt users for macOS login passwords.
- Once the user enters the password, the application copies the user’s keychain.
- After the keychain is unlocked, the hacker uses the open-source chainbreaker tool to collect passwords. The chainbreaker tool is bundled with the downloaded application itself.
Apart from passwords, the stealer is also capable of stealing credit card details and the credentials of installed crypto wallets, such as Ledger and Trezor.
Besides this, Moonlock Lab, MacPaw’s cybersecurity division, has discovered that hackers have been using harmless-looking DMG files to deliver stealer malware to macOS through obscured AppleScript and bash payloads. As discussed above, AppleScript is then used to prompt users to enter their sensitive passwords.
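The two signals described above, an unsigned executable whose name does not match its application name and an AppleScript call that asks for a password, can be turned into simple triage rules over process-execution telemetry. The sketch below is an added example, not code from Jamf Threat Labs or Moonlock Lab; the event fields, the sample events and the app name ExampleCall are constructed assumptions.

```python
import os
import re

# Constructed process-execution events (not real telemetry). The field names
# are assumptions modelled on what an endpoint agent typically records.
EVENTS = [
    {"pid": 501, "path": "/Applications/Notes.app/Contents/MacOS/Notes",
     "signed": True, "cmdline": "Notes"},
    {"pid": 777, "path": "/Applications/ExampleCall.app/Contents/MacOS/helper_x",
     "signed": False, "cmdline": "helper_x"},
    {"pid": 778, "path": "/usr/bin/osascript", "signed": True,
     "cmdline": 'osascript -e \'display dialog "Enter your password" '
                'default answer "" with hidden answer\''},
    {"pid": 779, "path": "/usr/bin/osascript", "signed": True,
     "cmdline": 'osascript -e \'display notification "Backup done"\''},
]

BUNDLE_RE = re.compile(r"/([^/]+)\.app/Contents/MacOS/([^/]+)$")


def _norm(name):
    """Lower-case and drop punctuation/spaces so 'My App' equals 'myapp'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def name_mismatch(path):
    """True when the bundle name and the executable inside it differ."""
    m = BUNDLE_RE.search(path)
    return bool(m) and _norm(m.group(1)) != _norm(m.group(2))


def password_prompt(event):
    """True for osascript showing a dialog with a masked input field."""
    if os.path.basename(event["path"]) != "osascript":
        return False
    cmd = event["cmdline"].lower()
    return "display dialog" in cmd and "hidden answer" in cmd


def triage(events):
    """Return (pid, rule) pairs for events matching either signal."""
    findings = []
    for ev in events:
        # Some legitimate apps ship a differently named executable, so the
        # mismatch only counts when the binary is also unsigned.
        if not ev["signed"] and name_mismatch(ev["path"]):
            findings.append((ev["pid"], "unsigned-name-mismatch"))
        if password_prompt(ev):
            findings.append((ev["pid"], "applescript-password-prompt"))
    return findings
```

The command-line rule only sees scripts passed inline with `-e`; a script read from a file or standard input would need the script body itself to be inspected.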
The Rising Trend of Malvertising
The rising trend of malvertising is a cause of concern for security experts worldwide. Malvertising is a new cyber hacking technique where malicious actors inject code into innocent-looking ads.
When users click these ads, they end up installing malware on their system, which can be anything from viruses and Trojans to spyware and info-stealers like Atomic Stealer.
- A report by Cyber Security Ventures estimates the cost of malvertising may reach $10.5 trillion by the end of 2025.
- Out of every 100 published ads, at least one contains malicious code.
With these alarming trends, it is high time users exercise caution when dealing with unsolicited links and ads.