Fake DeepSeek site infects Mac users with Poseidon stealer

By Samarth Desai, 2/22/2025
#AtomicMacOSStealer
#AMOS
#MacOSMalware

Atomic macOS Stealer (AMOS) is malware for macOS systems. It is designed to steal sensitive data such as keychain passwords, system details, files from the Desktop and Documents folders, macOS passwords, and browser data including auto-fill data, passwords, cookies, and credit card information. It also steals cryptocurrency-related data such as wallets from Electrum, Binance, Exodus, Atomic, and Coinomi.

The malware is normally spread via malicious advertisements (malvertising) or infected websites, and it can be bought on sites such as Telegram. After installation, the malware delivers its payload, stealing sensitive information such as keychain passwords, system data, files, macOS passwords, browser data, and cryptocurrency wallet information. The stolen data is then exfiltrated to a command-and-control server operated by the attackers. The malware can also try to achieve persistence on the system so that it keeps gathering information over time. Prevention against such attacks includes keeping systems and applications up to date, not using software from unknown sources, and using strong, unique passwords with multi-factor authentication.

Make sure to look for this command:

osascript -e 'if (short user name of (system info)) is "maria" or (short user name of (system info)) is "run" or (short user name of (system info)) is "jackiemac" or (short user name of (system info)) is "bruno" then error number -1'
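One way to hunt for that command in process-execution logs, as an added example that is not part of the original post: it flags any osascript one-liner that compares the short user name against quoted names and then raises an error, generalizing beyond the exact string above to cover reordered names, "=" or "is equal to", and other error numbers. The (pid, command line) event shape and every sample event except the first command string are constructed assumptions.

```python
import re
import shlex

# One username comparison, as in the page's AppleScript:
#   (short user name of (system info)) is "maria"
USER_CHECK = re.compile(
    r'short\s+user\s+name\s+of\s+\(\s*system\s+info\s*\)\s*\)?\s*'
    r'(?:is(?:\s+equal\s+to)?|=)\s*"([^"]+)"', re.IGNORECASE)
ABORT = re.compile(r'\berror\s+number\s+-?\d+', re.IGNORECASE)

def applescript_sources(cmdline):
    """Script text handed to osascript through -e arguments."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        return [cmdline] if "osascript" in cmdline else []
    if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
        return []
    return [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e"]

def username_gate(cmdline):
    """Usernames an osascript one-liner tests before raising an error, else []."""
    for script in applescript_sources(cmdline):
        names = {n.lower() for n in USER_CHECK.findall(script)}
        if names and ABORT.search(script):
            return sorted(names)
    return []

def scan(events):
    """Map pid -> gated usernames for every event that matches."""
    return {pid: g for pid, cmd in events if (g := username_gate(cmd))}

# Constructed process-execution events (pid, command line); only the first
# command string comes from the page.
SAMPLE_EVENTS = [
    (4101, """osascript -e 'if (short user name of (system info)) is "maria" """
           """or (short user name of (system info)) is "run" """
           """or (short user name of (system info)) is "jackiemac" """
           """or (short user name of (system info)) is "bruno" then error number -1'"""),
    (4102, """/usr/bin/osascript -e 'if (short user name of (system info))  =  "Bruno" then error number -1'"""),
    (4103, """osascript -e 'display notification "Backup finished" with title "Backup"'"""),
    (4104, """osascript -e 'return short user name of (system info)'"""),
]

if __name__ == "__main__":
    for pid, names in scan(SAMPLE_EVENTS).items():
        print(f"pid {pid}: osascript username gate on {names}")
```

Feed scan() the command-line field from whatever process telemetry is collected on the Mac fleet; the two benign osascript events in the sample show that ordinary notification or user-name lookups are not flagged.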
