en
Atlas was developed for spear phishing attacks against targets equipped with macOS.
Core Features:
* Browsers: Full extraction of passwords, cookies, history, autofill, credit card data, and service tokens.
* Browser Extension Wallets: including MetaMask, Trust Wallet, Coinbase Wallet, Phantom, Keplr, etc.
* Desktop Crypto Wallets: Support for Exodus, Atomic, Binance, Guarda, Wasabi, Electrum, Ledger Live, and more.
* System & Keychain: Keychain phishing for master password, dumping, and decryption of stored credentials.
* Files: Filters and exfiltrates files from Desktop and Documents folders, etc.
* Communication: End-to-end encrypted asynchronous reverse shell for persistent access.
* Exfiltration: Utilizes indirect exfiltration methods via Dropbox, Uploadcare, and Gyazo APIs.
* Builder: Automatically generates a link with a polymorphic encrypted Bash dropper, ready for use in "Clickfix" campaigns.
* Flexibility: Supports Intel and Apple Silicon architectures.
A commercial thread will be opened on the 31st.
The first 5 to make contact will receive a 60% discount on the release date.
Release Date: December 31, 2025
RU
Atlas был разработан для целенаправленных фишинг-атак против целей, использующих macOS.
Основные возможности:
* Браузеры: Полное извлечение паролей, куки, истории, автозаполнения, данных кредитных карт и служебных токенов.
* Расширения-кошельки для браузера: включая MetaMask, Trust Wallet, Coinbase Wallet, Phantom, Keplr и другие.
* Настольные крипто-кошельки: Поддержка Exodus, Atomic, Binance, Guarda, Wasabi, Electrum, Ledger Live и другие.
* Система и Keychain: Фишинг мастер-пароля Keychain, дамп и дешифрование сохраненных учетных данных.
* Файлы: Фильтрация и извлечение файлов из папок Рабочий стол, Документы и т.д.
* Коммуникация: Сквозное зашифрованное асинхронное обратное соединение для постоянного доступа.
* Экспфильтрация: Использует методы косвенной экспфильтрации через Dropbox, Uploadcare и Gyazo API.
* Сборщик: Автоматически генерирует ссылку с полиморфным зашифрованным Bash-дроппером, готовым к использованию в кампаниях "Clickfix".
* Гибкость: Поддержка архитектур Intel и Apple Silicon.
Торговая тема будет открыта 31 числа.
Первые 5 связавшихся получат скидку 60% на дату релиза.
Дата релиза: 31 декабря 2025
ZH
Atlas专为针对macOS设备的鱼叉式网络钓鱼攻击而开发。
核心功能:
* 浏览器:全面提取密码、Cookie、历史记录、自动填充数据、信用卡数据和服务令牌。
* 浏览器扩展钱包:包括 MetaMask, Trust Wallet, Coinbase Wallet, Phantom, Keplr 等。
* 桌面加密货币钱包:支持 Exodus, Atomic, Binance, Guarda, Wasabi, Electrum, Ledger Live 等。
* 系统与钥匙串:对Keychain主密码进行钓鱼攻击,转储并解密存储的凭据。
* 文件:从桌面、文档等文件夹中过滤和窃取文件。
* 通信:端到端加密的异步反向Shell,用于持久访问。
* 数据渗出:利用通过 Dropbox, Uploadcare 和 Gyazo API 的间接渗出方法。
* 构建器:自动生成链接,附带一个多态加密的Bash投放器,可直接用于"Clickfix"攻击活动。
* 灵活性:支持Intel和Apple Silicon架构。
商务主题将于31日开启。
前5位联系者将在发布日享受60%的折扣。
发布日期:2025年12月31日
Element: @mrstuxnot:matrix.org
Session: 05bbceda704b413c49d51ea4ea427b5448741363212ee041e0ee2e52c3c1693720
qTox: F3E198D5E13400002C40160043F4F1A6C314EA8BB1C98BB898AEBEF87D948546BAE79AA9EF36
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Contact me if you need something customized.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEkRAmGJRbJOK3/2sk1FwrT0kGms8FAmlS6XAACgkQ1FwrT0kG
ms/ySQ/+ISxR5DX2i19hpV7DFo1cOV+8orJxcnLYKM7m/JBCvKWwtzIO9GfJcut0
874unbFSt8v4nZEjby3BOCh6FUrkyrIrj+uIWf6JDhEdUr/o3OxquqTxH1ys9xmn
2MA/Znat0x8x1Yq1/Y0qd3JlaAS8cZYvpLMTfL0O+o/I7IZGyTWR0E8vgr/IlEbH
mVmCFw7ydXuj07Dt+2fBxcmgOFM3nzPL6j422Zd/fDKhnPxYL3KK1NvhmHahiA6A
qXcUBLrkpXtVsBkmrwepUfPw2UHmxNsqBBu8yrZpdMsTV1G5mtrnErT7AiQE49pQ
0jY2S4BtL5O4c0SsAshyUzKIqYVem41HqMMgLifYtEWq5ASZ+aJ6FB/RGj8TcKVL
qVdQXI+nICB06tjI3mC7EVPZ4zbQM+nFZffEp8xAhk7ZwUsCcmgiuB5HJOxWhM3k
IaJSQgwa9VeOXb4LddajeOhLtaTEcsfsN/dapHrNapFdF5Ei9jbIDCNFjVkun1zL
8R0ZuejcmOw/hl/J+CW/Wu+Y24qqH7LVrsTsPbPyaDfhoGonUVp3jMRS6gMrnJGl
s2h6jml3xlLj/6b/khoHJSHLmlOXA4H8D0WT3YEe4SxpQbD07Pdcjjy/1Y+y5+0d
XHkGJIIvuZz7YCTncLnZoz7Dv01NsnIPeM0CQ5cxKG1rS/mU0qE=
=eMrF
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGlJu3kBEADacwQGOOSS7GnwM8pRzRsVqpXxoytTW5Df/vsWlQD1NJFFaFTz
9cTMQGVzYktmgUpMD/lR1EXVDnZ1owEiyRHesBEzu9NJMSJ1wN5K6k5h52/OEcer
avguV8g/w40WUFecFlxaieYS34oj9so+hlJRSSvg/CaVVkTig+BRiWCGhiRTWprz
AE71iYqCYqDP/f0jajTFeqk+uKJmFCj3sYkmTomc1n+vZQBdicOeJpQ5BPTP5HMT
7ozgKSf1RoK90R3HYT8aiUPhSArQL09Abaum4XKiOgmMpHhuvQgHuDfIPGE8fpXI
qQxMqA+T1Wzsiueb3CbTUPTZola/ST8xdLg33r8iGgrJ71iQ5KxXtpXoIGoT9qs4
cDUp4xfSmkgFldnxlpX5XbfeOzY6JR39AkBOV+xU2pW/U+mU40vGgHMZt8C4+a5i
LWXT43JIgLKyN77qxlHasgLcJoEAvITAujwbKiqMp6MXUkHC52xfuqIPd9vkml57
esdfw52M4IOiCv5wrWOZQJhv6xsuVrWwYikdrklq6b2xsDhkTASP/NAk94oY5HNO
oB22TKeblbPsHcdnP+cfvRq6ApEbceHRdQeaAEDndsNK7t8ahMeFu48wFX4/fyP0
9xnEsDM3HOS1a9xkg9bVnfAdO+7c2cMWN7HLPZ9tD8reSC0dqg7Q9vulUwARAQAB
tDpNci5TdHV4bm90IChNci5TdHV4bm90IEZvcnVtcyBrZXlzKSA8c3R1eG5vdEB0
dXRhbm90YS5jb20+iQJRBBMBCgA7FiEEkRAmGJRbJOK3/2sk1FwrT0kGms8FAmlJ
u3kCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ1FwrT0kGms9NEA//
ZDc3evxiviuY0ncMhRxEyzpLlWonJ0mdrC3nTdfy/4uQPtezbvVI9SukdhK8We1N
OO5GxP9Uuwd3h+pmVHgQ5JJO8GUX/WWgmF2M85V6WNcT4srjW1JeKB7kc2vohO+a
39b0k49VeLhldWblUCLqxQLDew17I7KRQEoVa9WWRTg+OVPlD84K4XRZ74IUN7Hp
+D23MV2b8y83Od0PE00j9fiq/rRic7Um5dmPsGs8Rl9oUhYZvlxZ5HVSDcU7Y3TR
R9QULyOLit1G/92EO8a96sJUr75rFoCK4xe5O7KHi82KD0ZMsAVzmJL2rvfiD/Uk
59YHinOv3I2jugwOfN1x+w8jN/3wQlMb2mGUVNbAmKXB5MnHkpq9u0XvUvEZEJ3Y
L+kIS7/PYWTW/YW/5RYW51/E8VWDxpas16TA5iWeCTq4jCIN+HC4erbJlr+sEyD5
ZmA5lN/Wll0R1gmj7POF9U6NyfrzklBQz51cORNY3LOfhUrU9o3Bbfi49vfJFeLp
mB7Hlp+NC9Lu2Q9Gb5JQ0OVsBwde7fqm/IRrAR900PhpkZuF3qR0VjJ/bQAaiRNp
xJ80tZdDkcayrzW8SOOaL4ELbG1wSRzCUN5ziIbNRmKIt/4XcDwJGSVqtgf3piTj
YK0vsly7BhZuqZXqfSdjuzqrTa9a2xP/TmLGwXE2Sle5Ag0EaUm7eQEQANFrsBLO
u9ZGngCu60GpoHOvz3wNEVpZYG16/ONXxUfC2KFbJQAWDnuNyGvRN8Yo0Bqj3cKN
a2ezeSghJnmf8tY3Wq9o6NH4EEYXsXHAgesx3ioko+hJWstRdrLfsYQHZy+cyHHT
ls9wWR07wHDcZV/+mJG/EOlVd6ysskjZsFn7mzKbtBvjmN4fOANtzmG9lWDBCHK4
5ScHelxH4xykfWdNZkHSDoDIyS88tocaNHtHKW1eU8NROMIBz6inqHMvZEi3Ryx4
UjaL64/e/aMHPnP0iCiIQ/ycoP9pIvS73HxIhldSaTe2G1Dl44o3QjxXpc+C5/JZ
zSPVXlAbdvwyLlCnQShVrD70TC+avSNC6z0OLmzLWr+rwB8+y3HRRH4MHEJqN3da
QyDo7OAavjqPdOGUmz5iValrn9nahlcRgPbcBer2jCVoQSVP/vUUSmgN13j35E61
CNHNOKhdURoDFlXsnWotTwpG1+RVRhCdZ7aafOGIKDp6ASr3qTaMys1ve6haPUhQ
StgRytHBnSVamNUDwYB2l66PEi8ir0aiKl3QAusv5i45Kpbnav0hEXNRsgL3AQXm
t48yEPNdLKGqjLi9lxwqkfIZ0PaH6wYJzJ+bYl/Gbm1AmLtll5127F4kNqq8dPNU
D8+U3D3kcWyVNWenfNoqIy0GU9fXGEA0xkZhABEBAAGJAjYEGAEKACAWIQSRECYY
lFsk4rf/ayTUXCtPSQaazwUCaUm7eQIbDAAKCRDUXCtPSQaazwYAD/9gbzQXQYq8
ndvIOB610sFHY60lBrJWh7QE3GNypdvWlEfeKq6w0q0N0h7z9DDe56a/flUUrHjY
rd754mKFh/oPAm3EToOmX3w2LRpLTn9U41jY2TRWGssR6FAGpXawQc33VDqYjsmJ
WxtFiAUc6fG/PDdFwlXPdoAVLb/g02WvZxU321xrUHX95QhN+uH3dd9PKgyMOQKT
5voU4bPWfHejEf3DYfoHhpFGclB3463LodSjhUot5jzJBRx/oklqBIgZaCfQ/zK4
vmBGnmpCo5jLFoIPPrsYlsgkLyy4oGe1/C7Moa3S42TKVf5TjldV4h8JnF1Y/t9l
msrqpBx/Q5fAhvM2/OLpMLGYzzrRkNl4AfCMtJJ5FwC4rHrTnlJMRDdpyK4BLBA6
AWAnF5gjvTD+ae4/EofUxD6Egts8SMRh91PeedWphjKDMUsk6uVXT4acFPTgB5zJ
WdeV8dEZg6bbQhuF7dlww2jyNdfSaixJACYivdonhOPJWcegueH5l+SCv87/b3RL
wl90QcXwKs1RLVTIZPBGqXuDRymzi4Q7QJVxXeL/ZNwTKoxQtDuNv7aB6/uvAnWo
oCqEcwpZBHQ48bfPPeUTWRBL+Nm1uyXahO+xk/i0BEkzMBBBYfr1AP3MFyqw6tlB
0+RAOrig6+M4yuCCxEwQqBLa1fNh9MrHbg==
=jfxt
-----END PGP PUBLIC KEY BLOCK-----
