Atomic macOS Stealer (AMOS) Malware

A new variant of the “Atomic macOS Stealer” (AMOS) malware has been identified. It targets macOS users and steals sensitive data such as saved passwords, browser history, and cryptocurrency wallet contents. The malware is sold on the dark web for $1,000 a month, which puts it within reach of many cybercriminals and widens its potential impact. AMOS reaches victims through phishing emails and fake software updates. Once it runs, it extracts keychain data, passwords stored in browsers, and documents such as PDF and Word files. Users are advised to stay vigilant, avoid downloading unverified files, and keep their software up to date to reduce the risk of infection.

For a detailed analysis, visit the original article [here](https://news.sophos.com/en-us/2024/09/06/atomic-macos-stealer-leads-sensitive-data-theft-on-macos/).

Burnt Cigar 2: Scripting the Burning of Your Own Defense

In the blog post *Burnt Cigar 2: Scripting the Burning of Your Own Defense*, Sophos analyses a growing trend: attackers using legitimate tools, driven by automation and scripting, to dismantle security defenses inside a targeted environment so that traditional, static controls become far less effective. The post argues that organizations need to move beyond static defenses toward more adaptive models, such as those built on extended detection and response (XDR) and managed detection and response (MDR).

To read the full article, visit [Sophos News – Burnt Cigar 2](https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/).

The Evolving Pressure Tactics of Ransomware Gangs

In the Sophos article “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” the authors examine the newer tactics criminals use to push victims into paying. These groups have moved beyond simply encrypting data to layered extortion: threatening to leak sensitive information or to damage a company’s reputation. The article notes that ransomware gangs increasingly target high-profile organizations and rely on fear and urgency to coerce payment. Understanding these tactics lets businesses prepare in advance and put security measures in place that reduce the leverage an attacker has over them.

Read the full article: [Turning the Screws: The Pressure Tactics of Ransomware Gangs](https://news.sophos.com/en-us/2024/08/06/turning-the-screws-the-pressure-tactics-of-ransomware-gangs/)

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge

In the blog post “Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge,” Sophos argues for using intelligence to outsmart cybercriminals. The article describes how organizations can shift from a reactive to a proactive stance by investing in cybersecurity education and awareness. With the right knowledge, businesses can better understand the threats they face, make effective use of detection and response tools, and build defensive strategies that keep them ahead of attackers. By combining this with Sophos Managed Detection and Response (MDR) and Extended Detection and Response (XDR) services, companies can turn threat intelligence into action and reduce the risk of a breach.

Read the full article here: [Don’t Get Mad, Get Wise](https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/)

Qilin Ransomware Caught Stealing Google Chrome Credentials

In a recent discovery, Sophos Labs uncovered that the Qilin ransomware is not only encrypting files but also stealing sensitive credentials stored in Google Chrome. This new behavior signals a broader approach by ransomware operators, combining data theft with encryption for maximum leverage over victims. By accessing stored credentials, attackers can target additional services and accounts, significantly escalating the potential damage.

Qilin’s dual threat model is a reminder for organizations to strengthen their defenses, with a focus on ransomware resilience and sound credential management. Concretely, that means restricting or disabling the browser’s built-in password manager, limiting how many credentials are stored on endpoints at all, and keeping the rest in a dedicated password manager instead. Deploying robust ransomware protection and enforcing multi-factor authentication (MFA), so that a stolen password alone does not grant access, are equally essential against these evolving tactics.
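As an added example (not taken from the Sophos article or this summary), here is a Chrome enterprise policy that turns off the built-in password manager and account sync, so a script running on the endpoint finds nothing new in the browser profile to harvest. The permissive default is `PasswordManagerEnabled: true` with sync and sign-in allowed; the hardened file below sets all three. It assumes a Linux deployment, where Chrome reads managed policy files from `/etc/opt/chrome/policies/managed/`; on Windows the same policy names are set as registry values under `HKLM\Software\Policies\Google\Chrome`, and on macOS via a configuration profile.

```json
{
  "PasswordManagerEnabled": false,
  "SyncDisabled": true,
  "BrowserSignin": 0
}
```

After the file is in place, open `chrome://policy` on a managed endpoint and confirm the three entries show as applied without errors. Note the caveat: the policy stops Chrome from saving or autofilling credentials from then on, but it does not by itself remove entries already written to a profile’s `Login Data` database, so existing saved passwords on endpoints still need to be cleared as part of the rollout.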

For more details, read the full article here: [Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome](https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/).