July 12, 2024 By Jérôme Segura
Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques.
Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer. Communication tools like Zoom, Webex or Slack have been historically coveted by criminals who package them as fake installers laced with malware.
This latest malvertising campaign was running for at least a few days and used advanced filtering techniques that made it harder to detect. Once we were able to reproduce a full malware delivery chain, we immediately reported the ad to Google.
