Here's the big section of the article:
Having done the above, Atomic proceeds to extract information from software that runs on the breached macOS machine, including the following:
- Desktop cryptocurrency wallets: Electrum, Binance, Exodus, Atomic
- Cryptocurrency wallet extensions: 50 extensions are targeted in total, including Trust Wallet, Exodus Web3 Wallet, Jaxx Liberty, Coinbase, Guarda, TronLink, Trezor Password Manager, Metamask, Yoroi, and BinanceChain.
- Web browser data: auto-fills, passwords, cookies, and credit cards from Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, and Vivaldi.
- System information: Model name, hardware UUID, RAM size, core count, serial number, and others.
Atomic also gives operators the capability to steal files directly from the victim's 'Desktop' and 'Documents' directories.
However, the malware must request permission to access these files, which creates an opportunity for victims to realize the malicious activity.