Recently, a threat actor has emerged on the dark web selling a new variant of macOS malware called Atomic Stealer. The malware is designed to steal browser data from Chrome, Firefox, and Safari, as well as cryptocurrency wallet information from Electrum and Exodus.
Atomic Stealer has been around since 2019, when the first variant was discovered by researchers. The new variant appears to be the latest in a series of malicious macOS payloads that have been sold on Telegram. It is believed that the actor behind Atomic Stealer is the same actor responsible for the sale of other macOS malware, such as FileCoder and FileStealer.
Atomic Stealer is distributed through malicious links shared via Telegram. Once the user clicks the link, the malware is downloaded and installed on the victim’s machine. From there, it can steal browser data, cryptocurrency wallet information, and other sensitive data. It can also take screenshots and upload them to the attacker’s server.
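The behaviour described above, one process reading the data of several unrelated applications, is a useful detection signal. The following is an added example, not code from the original article: it scans file-access events (the event format, sample events, and matching by executable name are assumptions made for illustration) and flags any process that reads two or more of the named stores without being the application that owns them.

```python
from collections import defaultdict

# Home-relative path fragments for the data stores the article names,
# paired with a substring expected in the owning application's executable path.
STORES = {
    "chrome":   ("Library/Application Support/Google/Chrome/", "Google Chrome"),
    "firefox":  ("Library/Application Support/Firefox/Profiles/", "firefox"),
    "safari":   ("Library/Safari/", "Safari"),
    "electrum": (".electrum/wallets/", "Electrum"),
    "exodus":   ("Library/Application Support/Exodus/", "Exodus"),
}

def store_for(path):
    """Return the store name a file path belongs to, or None."""
    for name, (fragment, _owner) in STORES.items():
        if fragment in path:
            return name
    return None

def suspicious_readers(events, threshold=2):
    """Map (pid, exe) -> sorted store names for processes that read at least
    `threshold` stores owned by other applications."""
    touched = defaultdict(set)
    for ev in events:
        store = store_for(ev["path"])
        # Name matching is an assumption; production rules should check code signatures.
        if store is None or STORES[store][1].lower() in ev["exe"].lower():
            continue  # unrelated file, or an application reading its own data
        touched[(ev["pid"], ev["exe"])].add(store)
    return {proc: sorted(s) for proc, s in touched.items() if len(s) >= threshold}

# Constructed sample events (not real telemetry).
H = "/Users/alice/"
UNKNOWN = H + "Downloads/Installer.app/Contents/MacOS/Installer"
SAMPLE_EVENTS = [dict(pid=p, exe=e, path=H + f) for p, e, f in [
    (410, "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
     "Library/Application Support/Google/Chrome/Default/Cookies"),
    (977, UNKNOWN, "Library/Application Support/Google/Chrome/Default/Login Data"),
    (977, UNKNOWN, ".electrum/wallets/default_wallet"),
    (977, UNKNOWN, "Library/Application Support/Exodus/exodus.wallet/placeholder"),
    (977, UNKNOWN, "Documents/notes.txt"),
    (612, "/usr/local/bin/backup-tool", "Library/Safari/History.db"),
]]

if __name__ == "__main__":
    for (pid, exe), stores in suspicious_readers(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} exe={exe} read stores: {', '.join(stores)}")
```

The threshold keeps a single-store reader such as a backup tool from alerting; lower it to 1 only with an allowlist of known readers.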
In addition to selling Atomic Stealer, the threat actor offers technical support and updates for the malware. This suggests that the actor is continuing to develop and refine Atomic Stealer to make it more effective.
The presence of Atomic Stealer on the dark web is yet another reminder of the importance of maintaining strong cyber security protocols. It is essential that users remain vigilant and take steps to protect themselves by using strong passwords, avoiding clicking on suspicious links, and regularly updating their antivirus software.