If you thought the best MacBooks were safe from malware, think again, as hackers now have Apple’s computers fixed firmly in their sights.
While there are a number of different Mac malware strains, one in particular keeps reappearing. Atomic Stealer is an info-stealing malware which is often distributed through pirated apps. This time, however, this malware is impersonating popular apps in Google Ads to dupe unsuspecting users into infecting their Apple computers.
According to a blog post from Intego, the cybersecurity firm’s researchers have been tracking two new Atomic Stealer variants. What makes this malware particularly dangerous is that it’s designed to steal sensitive data including saved passwords, cookies, autofill text and even crypto from infected Macs.
Here’s everything you need to know about this new Atomic Stealer campaign along with some tips and tricks to help keep your Mac malware free.
Impersonating popular Mac apps
In the same way that businesses can buy ad space to have their products show up higher in search results, so too can hackers. They’ve been using this technique for the past year or so, which is why I highly recommend that you now scroll down past the ads and don’t just click on the first result in Google (or any other search engine for that matter).
In this particular campaign, the hackers behind it are impersonating a popular Mac utility, a personal finance app, a digital trading card game and a productivity app using this technique.
With the utility File Juicer, which extracts embedded files from different types of documents, and the personal finance app Debit & Credit, the hackers behind this campaign are using a fake installer called “AppleApp.” When opened on a vulnerable Mac, instead of installing the actual programs, this installer infects the system with the Atomic Stealer malware.
As for the digital trading card game Parallel and the productivity software Notion, both fake apps have installers that impersonate their legitimate counterparts, complete with their names and logos.
During its investigation into the matter, Intego also observed that many of these fake apps are actually malware droppers which are “designed to obtain and install additional malware.” These droppers try to hide in plain sight before connecting to a malicious website to download additional payloads onto an infected computer.
How to keep your Mac safe from malware
To avoid accidentally downloading fake apps spreading malware onto your Mac, there are a few steps you can take to stay safe.
For starters, it’s better to stick to official app stores like the Mac App Store when downloading new software. If you do need to look for a particular program on a search engine, you want to scroll down past any ads as they could be malicious and instead install the app or program directly from a company’s website. When you know a company’s web address, you’re better off just typing that out into your browser’s address bar, too.
Although your Mac comes with built-in malware protection in the form of XProtect, you might also want to consider investing in the best Mac antivirus software for your Apple computer. These paid antivirus programs have more features, and it’s worth noting that Intego’s Mac antivirus products also have a clever trick up their sleeves. Both Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can scan the best iPhones and iPads for malware but only when they are connected to a Mac via a USB cable.
Since Mac users are such a profitable target for hackers, it’s highly likely that we will continue to see even more malware targeting Apple’s computers. This is why you need to be extra careful online and this is especially true when downloading new apps or software.
More from Tom's Guide
