FacebookTwitterLinkedIn

Removal instructions for the Poseidon stealer-type malware

Also Known As: Poseidon malware
Type: Mac Virus
Damage level: Severe

Tomas Meskauskas Written by on

What kind of malware is Poseidon?

Poseidon is a stealer-type malware targeting macOS devices. This malicious program seeks to acquire files, log-in credentials, cryptowallets, and other sensitive information. In the early summer of 2024, Poseidon was observed proliferating via malicious Google ads.

Poseidon malware VirusTotal detections

Poseidon malware overview

As mentioned in the introduction, Poseidon is designed to extract and exfiltrate data from infected machines. The stealer begins by collecting relevant device data (e.g., hardware info, device name, OS details, etc.).

According to the stealer's promotional material used by its developers, Poseidon has customizable file-grabbing abilities. It can obtain content from Notes, Photos (from Notes), and Keychain (native Mac password manager).

The malware also seeks data from browsers, such as Google Chrome, Safari, Mozilla Firefox, Microsoft Edge, Opera, and other browsers. Information of interest may include: browsing and search engine histories, Internet cookies, account log-in credentials (usernames/passwords), personally identifiable details, credit card numbers, and so on.

Additionally, Poseidon can steal over 160 cryptocurrency wallets. It likewise targets data associated with password managers, as well as FTP (File Transfer Protocol) and VPN (Virtual Private Network) clients.

Although the ability to steal VPN configurations is listed in the promotional material – it is unfinished as of the time of writing. Poseidon appears to be in active development – hence, potential future iterations of this stealer could include finished code, a broader target list, or additional/different capabilities.

In summary, the presence of software like Poseidon on devices can lead to severe privacy issues, financial losses, and identity theft.

Threat Summary:
Name Poseidon malware
Threat Type Mac malware, Mac virus, stealer, password-stealing virus
Detection Names Avast (MacOS:Agent-ANG [Trj]), Combo Cleaner (Gen:Variant.Trojan.MAC.Stealer.35), ESET-NOD32 (OSX/PSW.Agent.BN), Kaspersky (UDS:Trojan-PSW.OSX.Amos.v), Full List Of Detections (VirusTotal)
Symptoms Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine.
Distribution Methods Deceptive pop-up ads, free software installers (bundling).
Related Domains arc-download[.]com; arcthost[.]org
VirusTotal Detections and Serving IP Addresses arc-download[.]com (65.21.179.3); arcthost[.]org (94.228.168.245)
Damage Malicious online advertisements, infected email attachments, social engineering, software 'cracks'.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Stealer-type malware examples

We have written about countless malicious programs; PureLandCuckooGoSorry, and Realst are just some of our newest articles on Mac-specific stealers. Information-targeting malware can seek incredibly specific details or a wide variety of data.

Yet regardless of what information malicious software aims to exfiltrate or if it has any data-stealing capabilities – its presence on a system threatens device integrity and user safety. Therefore, all threats must be eliminated immediately upon detection.

How did Poseidon infiltrate my computer?

Poseidon has been noted being spread via malvertising, specifically malicious Google Ads. Essentially, cyber criminals abuse the legitimate advertising service to put up malignant sponsored adverts as the topmost Google search engine results.

Poseidon is proliferated through fake websites promoting Arc browser. The installer downloaded from these pages appears genuine; however, it instructs victims to "right-click to open" in order to bypass certain security measures.

Other distribution techniques are likely. Poseidon's developers are offering it for sale on hacker forums. Hence, it is probable that how this stealer is distributed depends on the attackers using it.

Generally, malware is spread by relying on phishing and social engineering techniques. This software is often disguised as or bundled with legitimate/ordinary programs or media files.

The most common malware distribution methods include: drive-by (stealthy/deceptive) downloads, malicious attachments/links in spam (e.g., emails, PMs/DMs, social media posts, etc.), online scams, malvertising, untrustworthy download sources (e.g., freeware and free file-hosting sites, Peer-to-Peer sharing networks, etc.), pirated content, illegal software activation tools ("cracks"), and fake updates.

What is more, some malicious programs can self-proliferate via local networks and removable storage devices (e.g., USB flash drives, external hard drives, etc.).

How to avoid installation of malware?

We strongly recommend downloading only from official and verified channels. Additionally, we advise vigilance when browsing, as fraudulent and dangerous online content typically appears genuine and harmless.

Another recommendation is to activate and update software using legitimate functions/tools, as those obtained from third-parties can contain malware. Incoming emails and other messages must be approached with care. Attachments or links present in suspicious/irrelevant mail must not be opened, as they can be malicious.

We must emphasize the importance of having a dependable anti-virus installed and kept up-to-date. Security programs must be used to perform regular system scans and to remove threats/issues. If you believe that your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.

Deceptive installer proliferating Poseidon stealer:

Installation setup of Poseidon malware

Fake Arc browser promotional website proliferating Poseidon stealer:

Deceptive website proliferating Poseidon malware (Arc browser download lure)

Poseidon stealer's developers promoting it on hacker forums:

Poseidon malware promoted online

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Manual removal of malicious Mac applications

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Frequently Asked Questions (FAQ)

My computer is infected with Poseidon malware, should I format my storage device to get rid of it?

Malware removal rarely requires formatting.

What are the biggest issues that Poseidon malware can cause?

The threats linked to an infection depend on the malware's functionalities and the attackers' goals. Poseidon is a stealer that seeks vulnerable data (log-in credentials, cryptowallets, etc.). Generally, infections of this kind can result in severe privacy issues, financial losses, and identity theft.

What is the purpose of Poseidon malware?

Profit is the primary motivation behind malware infections. Aside from generating revenue, malicious software can be used to amuse the cyber criminals, carry out personal grudges, disrupt processes (e.g., sites, processes, companies, etc.), engage in hacktivism, and launch politically/geopolitically motivated attacks.

How did Poseidon malware infiltrate my computer?

Will Combo Cleaner protect me from malware?

Yes, Combo Cleaner is designed to scan systems and eliminate all kinds of threats. It is capable of detecting and removing most of the known malware infections. It must be stressed that high-end malicious programs typically hide deep within systems – therefore, performing a complete system scan is paramount.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Poseidon malware QR code
Scan this QR code to have an easy access removal guide of Poseidon malware on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.