Atomic Stealer: What it is, how it hits macOS, and how to remove it

What it is

Atomic Stealer is macOS malware built to lift your secrets—especially crypto wallets, passwords, and browser data—then send them to attackers. It often looks harmless while it works. See behaviors and examples in the Atomic Stealer threat guide.

What you may notice

  • New prompts asking for passwords or seed phrases

  • Unknown browser extensions or profiles installed

  • Unusual logins or crypto activity you didn’t make

How it gets in

  • Fake app installers and cracked software

  • Phishing sites posing as wallet tools or updates

  • Malicious browser extensions

Remove it now (quick steps)

  1. Disconnect from the internet; don’t open wallets.

  2. Run a full scan with trusted anti-malware for macOS.

  3. From a clean device, change passwords and enable MFA.

  4. Move crypto to new wallets with fresh seed phrases; revoke suspicious approvals.

  5. On the Mac: remove unknown profiles, login items, LaunchAgents/Daemons, and extensions.
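For the LaunchAgents/Daemons part of step 5, the sketch below inventories launchd jobs and lists the ones worth a manual look. It is an added example, not part of the original guide or any vendor tool, and its heuristics (world-writable or hidden program paths, interpreter launchers) are assumptions chosen for triage, not Atomic Stealer signatures.

```python
import plistlib
from pathlib import Path

# Standard launchd locations on macOS (per-user and system-wide).
LAUNCHD_DIRS = [Path.home() / "Library/LaunchAgents",
                Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]
# Review heuristics assumed for this example; they are not malware signatures.
WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "curl"}


def review_item(plist_path):
    """Return (label, command, reasons) for one launchd job definition."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
    except Exception as exc:  # corrupt or unreadable files deserve a look too
        return None, [], [f"unreadable plist ({type(exc).__name__})"]
    if not isinstance(job, dict):
        return None, [], ["plist root is not a dictionary"]
    command = [str(a) for a in job.get("ProgramArguments") or []]
    exe = str(job.get("Program") or (command[0] if command else ""))
    reasons = []
    if not exe:
        reasons.append("no Program or ProgramArguments")
    if exe.startswith(WRITABLE):
        reasons.append("runs from a world-writable location")
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append("runs from a hidden directory or file")
    if Path(exe).name in INTERPRETERS:
        reasons.append("launches a shell or script interpreter")
    return job.get("Label"), command or [exe], reasons


def scan(dirs=LAUNCHD_DIRS):
    """List every job in dirs that matched at least one heuristic."""
    findings = []
    for d in (Path(p) for p in dirs):
        for plist in sorted(d.glob("*.plist")) if d.is_dir() else []:
            label, command, reasons = review_item(plist)
            if reasons:
                findings.append({"file": str(plist), "label": label,
                                 "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in scan():
        print(f"{item['file']}\n  label:   {item['label']}\n"
              f"  command: {' '.join(item['command'])}\n"
              f"  review:  {'; '.join(item['reasons'])}")
```

A match means "look at this item", not "this is malware": legitimate software also uses shell launchers, so check each listed job against what you knowingly installed before removing it.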

Prevent it

  • Install software only from the App Store or the vendor’s site.

  • Verify wallet tools; never enter seed phrases in a browser pop-up.

  • Keep macOS, browsers, and extensions updated.

  • Use a password manager + MFA on accounts.
