MacTech.com

Michael Covington of Jamf comments on AMOS malware

This past week, a breaking story came to light regarding the new offering of an information stealer, dubbed the Atomic macOS Stealer (AMOS). 

Offered for US$1,000 per month, the stealer can obtain victim keychain passwords, system information, files, and more, sparking substantial conversations around severity and processes to prevent further harm.

This past February, Jamf unveiled research on a family of malware using a cryptomining tool that had previously gone undetected. Now Michael Covington, vice president, Portfolio Strategy, of Jamf, has the following to say about AMOS:

“The newly discovered malware targeting macOS to steal sensitive information is another example of a concerning trend — attacks against the Apple platform are becoming more widespread, as modern devices are being exploited for their powerful processing capabilities and the rich repositories of both work and personal data contained within.

“Analysis of the Atomic macOS Stealer shows that Apple’s operating systems have proven to be fairly resilient to classic attack vectors, so users are increasingly being targeted with social engineering attacks that bypass system controls, allowing the malware to establish a foothold on the device.

“Jamf’s recent annual Security 360 Report highlights the current state of social engineering on modern platforms and a recent discovery of “cryptojacking” malware in pirated versions of Final Cut Pro for macOS shows that embedding malware in popular applications — often pirated — is becoming a common route to market for malware operatives targeting macOS.

“As modern devices like the Mac and companion mobile platforms become more common in the workplace, they also become more valuable targets for cybercriminals; it is likely that we will continue to see new and sophisticated forms of malware targeting these devices in the future.

“In fact, the Atomic macOS Stealer is evidence that attacks against macOS are now being commoditized and turned into subscription services for use by organized crime and other groups with malicious intent. The “malware as a service” offering associated with this particular effort charges $1,000/month for access to a broad set of data stores on the device and an easy-to-use interface for distributing the malware and monitoring installations.

“It is crucial that individuals and organizations take steps to protect their Apple devices. Best practices suggest users keep the operating systems up-to-date, maintain good configurations like activating FileVault disk encryption, use reputable security solutions, and scrutinize any application that is asking you to grant extra permissions or take extra steps to launch (such as right click-open to bypass security controls). It’s also important for organizations to prioritize security education and awareness about social engineering tactics, particularly on modern platforms where focused training has historically been absent.

“The credential theft made possible through AMOS and similar malware attacks on the Apple keychain shows that traditional password-based authentication is no longer sufficient to protect critical applications and data. There is a growing need for organizations to roll out a complete, integrated solution that can ensure user access is blocked when devices are compromised.

“Jamf’s vision for Trusted Access ensures that only authorized users on enrolled devices that meet organizational security standards are able to access protected applications; if the device is found to be compromised, access is blocked until the issue is resolved.

“By implementing a complete, integrated solution like Trusted Access, organizations can greatly reduce the risk of credential theft to protect against data breaches and other types of cyber threats, while also ensuring that users can access the data they need to do their jobs without compromising security.”




Article provided with permission from AppleWorld.Today