Amos

Malware updated 10 hours ago (2024-11-21T11:32:03.343Z)

Download STIX

Preview STIX

AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to its ability to steal valuable data from infected computers, including credit card details, authentication cookies, passwords, and cryptocurrency wallet information. It can also extract data from web browsers and their extensions, further enhancing its potential for harm. The distribution of AMOS often involves deceptive tactics to trick users into inadvertently installing the malware. One method involves mimicking legitimate applications, such as the Homebrew app, or presenting itself as an update for popular browsers like Chrome or Safari. Once installed, AMOS can deploy various binaries including HijackLoader, Stealc, Rhadamanthys, and others that are all geared towards stealing crypto assets or data for identity theft and other fraudulent activities. Protection against AMOS and similar threats involves careful management of system settings and diligent scrutiny of downloads and updates. Security firms advise users to open the Settings app and adjust their keyboard settings as one way to guard against these types of software. Moreover, remaining vigilant about suspicious emails, websites, and downloads, along with keeping antivirus software updated, can significantly reduce the risk of falling victim to this and other malware attacks.

Description last updated: 2024-11-21T10:34:40.241Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Atomic Stealer is a possible alias for Amos. The Atomic Stealer is a type of malware that poses a significant threat to macOS devices. This malicious software infiltrates systems, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once installed, it has the potential to steal personal information, disrupt operati	5
Amos Stealer is a possible alias for Amos. AMOS Stealer is a malicious software (malware) that was first identified in early 2023, specifically targeting macOS. This harmful program infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrup	4
Atomic Macos Stealer is a possible alias for Amos. The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infect	3
Clearfake is a possible alias for Amos. ClearFake is a malicious software, or malware, that has been identified as a significant threat to cybersecurity. Its primary method of propagation is through fake browser updates, encouraging users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to in	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Macos

Malware

Windows

Payload

Infostealer

Malvertising

Malwarebytes

Safari

Android

Vulnerability

Chrome

1password

Exploit

Infostealers

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lumma Malware is associated with Amos. Lumma is a malicious software (malware) that has been causing significant security concerns due to its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers re	Unspecified	2
The Vidar Malware is associated with Amos. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw	is related to	2
The Rhadamanthys Malware is associated with Amos. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact	Unspecified	2
The Vortax Malware is associated with Amos. Vortax, initially perceived as a virtual meeting software, has been identified by Recorded Future's Insikt Group as a potent malware affecting macOS security. Orchestrated by the threat actor "markopolo," Vortax is part of a large-scale cyberattack campaign that disseminates three infostealers: Rhad	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability Atomic Macos Stealer (Amos is associated with Amos.	Unspecified	4

Source Document References

Information about the Amos Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	13 hours ago	Free AI editor lures in victims, installs information stealer instead on Windows and Mac \| Malwarebytes
BankInfoSecurity	21 days ago	Mac Malware Threat: Hackers Seek Cryptocurrency Holders
Securelist	a month ago	Stealers on the rise: Kral, AMOS, Vidar and ACR
DARKReading	2 months ago	'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut
Recorded Future	2 months ago	"Marko Polo" Cybercrime Group Unveiled: Infostealer Empire Expands Global Threats
CERT-EU	a year ago	Hackers Bypass Apple's Checks to Deliver Malicious Keyboards Used to Spy on Users: Report
CERT-EU	9 months ago	AMOS macOS Stealer Steals Particular Files on the System & Browser Data
Recorded Future	4 months ago	Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming \| Recorded Future
Recorded Future	4 months ago	The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications \| Recorded Future
InfoSecurity-magazine	5 months ago	Fake Meeting Software Spreads macOS Infostealer
Recorded Future	5 months ago	The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications \| Recorded Future
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	GitCaught campaign relies on Github and Filezilla to deliver multiple malware
InfoSecurity-magazine	6 months ago	Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Recorded Future	7 months ago	Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming \| Recorded Future
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini