Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this

MacBook Pro 16-inch 2021 sitting on a patio table
(Image credit: Tom's Guide)

If you thought the best MacBooks were safe from malware, think again, as hackers now have Apple’s computers fixed firmly in their sights.

While there are a number of different Mac malware strains, one in particular keeps reappearing. Atomic Stealer is an info-stealing malware which is often distributed through pirated apps. This time, however, this malware is impersonating popular apps in Google Ads to dupe unsuspecting users into infecting their Apple computers.

According to a blog post from Intego, the cybersecurity firm’s researchers have been tracking two new Atomic Stealer variants. What makes this malware particularly dangerous is that it’s designed to steal sensitive data including saved passwords, cookies, autofill text and even crypto from infected Macs.

Here’s everything you need to know about this new Atomic Stealer campaign along with some tips and tricks to help keep your Mac malware free.

In the same way that businesses can buy ad space to have their products show up higher in search results, so too can hackers. They’ve been using this technique for the past year or so, which is why I highly recommend that you now scroll down past the ads and don’t just click on the first result in Google (or any other search engine for that matter).

In this particular campaign, the hackers behind it are impersonating a popular Mac utility, a personal finance app, a digital trading card game and a productivity app using this technique. 

With the utility File Juicer, which extracts embedded files from different types of documents, and the personal finance app Debit & Credit, the hackers behind this campaign are using a fake installer called “AppleApp.” When opened on a vulnerable Mac, instead of installing the actual programs, this installer infects the system with the Atomic Stealer malware.

As for the digital trading card game Parallel and the productivity software Notion, both fake apps have installers that impersonate their legitimate counterparts, complete with their names and logos. 

During its investigation into the matter, Intego also observed that many of these fake apps are actually malware droppers which are “designed to obtain and install additional malware.” These droppers try to hide in plain sight before connecting to a malicious website to download additional payloads onto an infected computer.

How to keep your Mac safe from malware

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

To avoid accidentally downloading fake apps spreading malware onto your Mac, there are a few steps you can take to stay safe.

For starters, it’s better to stick to official app stores like the Mac App Store when downloading new software. If you do need to look for a particular program on a search engine, you want to scroll down past any ads as they could be malicious and instead install the app or program directly from a company’s website. When you know a company’s web address, you’re better off just typing that out into your browser’s address bar, too.

Although your Mac comes with built-in malware protection in the form of XProtect, you might also want to consider investing in the best Mac antivirus software for your Apple computer. These paid antivirus programs have more features, and it’s worth noting that Intego’s Mac antivirus products also have a clever trick up their sleeves. Both Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can scan the best iPhones and iPads for malware but only when they are connected to a Mac via a USB cable.

Since Mac users are such a profitable target for hackers, it’s highly likely that we will continue to see even more malware targeting Apple’s computers. This is why you need to be extra careful online and this is especially true when downloading new apps or software.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

  • Swach123
    This has been going on for over 9 years that I am aware of. These individuals are people who I new and at the time I had no idea what was going on until I quickly realized that I was hacked and scamed. I reported to police fbi and government officials and nothing was done and now it's just being realized by others. Throughout my personal and professional experiences lead me to do things I don't want to do but I guess the only thing you are looking to improve is the problem with articles like this one. I have documented all the emails and body cams and recorded calls are documented and will make sure that every individual is aware of what is really going on. The fact that people are just picking up on these things is amazing because it has been done years ago from me.