Removal instructions for the Poseidon stealer-type malware
Written by Tomas Meskauskas
What kind of malware is Poseidon?
Poseidon is a stealer-type malware targeting macOS devices. This malicious program seeks to acquire files, log-in credentials, cryptowallets, and other sensitive information. In the early summer of 2024, Poseidon was observed proliferating via malicious Google ads.
Poseidon malware overview
As mentioned in the introduction, Poseidon is designed to extract and exfiltrate data from infected machines. The stealer begins by collecting relevant device data (e.g., hardware info, device name, OS details, etc.).
According to the promotional material used by its developers, Poseidon has customizable file-grabbing abilities. It can obtain content from Notes, Photos (from Notes), and Keychain (macOS's native password manager).
The malware also seeks data from browsers, such as Google Chrome, Safari, Mozilla Firefox, Microsoft Edge, Opera, and other browsers. Information of interest may include: browsing and search engine histories, Internet cookies, account log-in credentials (usernames/passwords), personally identifiable details, credit card numbers, and so on.
Additionally, Poseidon can steal over 160 cryptocurrency wallets. It likewise targets data associated with password managers, as well as FTP (File Transfer Protocol) and VPN (Virtual Private Network) clients.
Although the promotional material lists the ability to steal VPN configurations, that functionality was unfinished at the time of writing. Poseidon appears to be in active development, so future iterations of this stealer could include completed code, a broader target list, or additional or different capabilities.
In summary, the presence of software like Poseidon on devices can lead to severe privacy issues, financial losses, and identity theft.
| Name | Poseidon malware |
| --- | --- |
| Threat Type | Mac malware, Mac virus, stealer, password-stealing virus |
| Detection Names | Avast (MacOS:Agent-ANG [Trj]), Combo Cleaner (Gen:Variant.Trojan.MAC.Stealer.35), ESET-NOD32 (OSX/PSW.Agent.BN), Kaspersky (UDS:Trojan-PSW.OSX.Amos.v), Full List Of Detections (VirusTotal) |
| Symptoms | Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution Methods | Deceptive pop-up ads, free software installers (bundling). |
| Related Domains | arc-download[.]com; arcthost[.]org |
| VirusTotal Detections and Serving IP Addresses | arc-download[.]com (65.21.179.3); arcthost[.]org (94.228.168.245) |
| Damage | Malicious online advertisements, infected email attachments, social engineering, software 'cracks'. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
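As an added example (not part of this article), the following Python script takes the two related domains and their serving IP addresses from the table above, re-fangs the `[.]` notation, and flags any line of a DNS, proxy or firewall log that references them; the log lines and their format are constructed for illustration.

```python
"""Flag the Poseidon-related domains and serving IPs from the table above in sample logs."""
import ipaddress
import re

# Indicators copied from the table above (de-fanged with [.]); nothing else is from the page.
DEFANGED_DOMAINS = ["arc-download[.]com", "arcthost[.]org"]
SERVING_IPS = ["65.21.179.3", "94.228.168.245"]


def refang(indicator: str) -> str:
    """Turn a de-fanged indicator such as 'arc-download[.]com' back into a matchable host."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
IPS = {ipaddress.ip_address(ip) for ip in SERVING_IPS}

# Hostnames end in an alphabetic TLD, so dotted IPv4 strings never match HOST_RE.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_indicators(line: str) -> list:
    """Return the known-bad hosts and IPs referenced in one log line (empty if none)."""
    hits = []
    for host in HOST_RE.findall(line):
        host = host.lower()
        # Match the listed domain itself or any subdomain of it (e.g. www.arc-download.com).
        if host in DOMAINS or any(host.endswith("." + d) for d in DOMAINS):
            hits.append(host)
    for ip in IPV4_RE.findall(line):
        try:
            if ipaddress.ip_address(ip) in IPS:
                hits.append(ip)
        except ValueError:  # octets out of range, e.g. 999.1.1.1
            pass
    return hits


def scan(lines) -> list:
    """Return (line_number, hits) for every line that references an indicator."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := find_indicators(line))]


# Constructed sample log lines mixing DNS, proxy and firewall records (RFC 5737 addresses).
SAMPLE_LOG = [
    "2024-06-05T10:12:01Z dns query[A] arc-download.com from 192.168.1.20",
    "2024-06-05T10:12:02Z proxy GET https://www.arcthost.org/Arc.dmg status=200",
    "2024-06-05T10:12:03Z fw allow tcp 192.168.1.20:51234 -> 94.228.168.245:443",
    "2024-06-05T10:15:00Z dns query[A] example.com from 192.168.1.21",
    "2024-06-05T10:16:00Z fw allow tcp 192.168.1.21:51300 -> 203.0.113.10:443",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```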
Stealer-type malware examples
We have written about countless malicious programs; PureLand, Cuckoo, GoSorry, and Realst are just some of our newest articles on Mac-specific stealers. Information-targeting malware can seek incredibly specific details or a wide variety of data.
Regardless of what information a malicious program aims to exfiltrate, or whether it has any data-stealing capabilities at all, its presence on a system threatens device integrity and user safety. Therefore, all threats must be eliminated immediately upon detection.
How did Poseidon infiltrate my computer?
Poseidon has been observed spreading via malvertising, specifically malicious Google Ads. Essentially, cyber criminals abuse the legitimate advertising service to place malicious sponsored adverts at the top of Google search results.
Poseidon is proliferated through fake websites promoting Arc browser. The installer downloaded from these pages appears genuine; however, it instructs victims to "right-click to open" in order to bypass certain security measures.
Other distribution techniques are likely. Poseidon's developers are offering it for sale on hacker forums. Hence, it is probable that how this stealer is distributed depends on the attackers using it.
Generally, malware is spread by relying on phishing and social engineering techniques. This software is often disguised as or bundled with legitimate/ordinary programs or media files.
The most common malware distribution methods include: drive-by (stealthy/deceptive) downloads, malicious attachments/links in spam (e.g., emails, PMs/DMs, social media posts, etc.), online scams, malvertising, untrustworthy download sources (e.g., freeware and free file-hosting sites, Peer-to-Peer sharing networks, etc.), pirated content, illegal software activation tools ("cracks"), and fake updates.
What is more, some malicious programs can self-proliferate via local networks and removable storage devices (e.g., USB flash drives, external hard drives, etc.).
How to avoid installation of malware?
We strongly recommend downloading only from official and verified channels. Additionally, we advise vigilance when browsing, as fraudulent and dangerous online content typically appears genuine and harmless.
Another recommendation is to activate and update software using legitimate functions/tools, as those obtained from third-parties can contain malware. Incoming emails and other messages must be approached with care. Attachments or links present in suspicious/irrelevant mail must not be opened, as they can be malicious.
We must emphasize the importance of having a dependable anti-virus installed and kept up-to-date. Security programs must be used to perform regular system scans and to remove threats/issues. If you believe that your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
Deceptive installer proliferating Poseidon stealer:
Fake Arc browser promotional website proliferating Poseidon stealer:
Poseidon stealer's developers promoting it on hacker forums:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Frequently Asked Questions (FAQ)
My computer is infected with Poseidon malware, should I format my storage device to get rid of it?
Malware removal rarely requires formatting.
What are the biggest issues that Poseidon malware can cause?
The threats linked to an infection depend on the malware's functionalities and the attackers' goals. Poseidon is a stealer that seeks vulnerable data (log-in credentials, cryptowallets, etc.). Generally, infections of this kind can result in severe privacy issues, financial losses, and identity theft.
What is the purpose of Poseidon malware?
Profit is the primary motivation behind malware infections. Aside from generating revenue, malicious software can be used to amuse the cyber criminals, carry out personal grudges, disrupt operations (e.g., of websites, services, companies, etc.), engage in hacktivism, and launch politically/geopolitically motivated attacks.
How did Poseidon malware infiltrate my computer?
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner is designed to scan systems and eliminate all kinds of threats. It is capable of detecting and removing most of the known malware infections. It must be stressed that high-end malicious programs typically hide deep within systems – therefore, performing a complete system scan is paramount.