Detection Details

OSX.Odyssey

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

OSX.Odyssey is Malwarebytes’ detection name for an information stealer targeting macOS systems and a variant of OSX.AtomStealer also known as Atomic Stealer.

Type of infection

OSX.Odyssey uses several methods of infiltration, including fake installers and malvertising. It uses AppleScript instead of pure shell commands to gather system and user information. The stolen data is stored in a temp directory and communicated to a C&C server.

Protection

Malwarebytes’ and ThreatDown products detect and remove OSX.VSearch.

Business remediation

All ThreatDown bundles include protection for Macs.

Home remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Associated threats

C2: poseidon.cool

Related Content

Rise of Atomic Stealer signals a sea change in macOS malware