Amos

Malware updated 8 days ago (2024-11-29T14:52:04.711Z)
Download STIX
Preview STIX
AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to its ability to steal valuable data from infected computers, including credit card details, authentication cookies, passwords, and cryptocurrency wallet information. It can also extract data from web browsers and their extensions, further enhancing its potential for harm. The distribution of AMOS often involves deceptive tactics to trick users into inadvertently installing the malware. One method involves mimicking legitimate applications, such as the Homebrew app, or presenting itself as an update for popular browsers like Chrome or Safari. Once installed, AMOS can deploy various binaries including HijackLoader, Stealc, Rhadamanthys, and others that are all geared towards stealing crypto assets or data for identity theft and other fraudulent activities. Protection against AMOS and similar threats involves careful management of system settings and diligent scrutiny of downloads and updates. Security firms advise users to open the Settings app and adjust their keyboard settings as one way to guard against these types of software. Moreover, remaining vigilant about suspicious emails, websites, and downloads, along with keeping antivirus software updated, can significantly reduce the risk of falling victim to this and other malware attacks.
Description last updated: 2024-11-21T10:34:40.241Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Atomic Stealer is a possible alias for Amos. The Atomic Stealer is a type of malware that poses a significant threat to macOS devices. This malicious software infiltrates systems, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once installed, it has the potential to steal personal information, disrupt operati
5
Amos Stealer is a possible alias for Amos. AMOS Stealer is a malicious software (malware) that was first identified in early 2023, specifically targeting macOS. This harmful program infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrup
4
Atomic Macos Stealer is a possible alias for Amos. The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infect
3
Clearfake is a possible alias for Amos. ClearFake is a malicious software, or malware, that has been identified as a significant threat to cybersecurity. Its primary method of propagation is through fake browser updates, encouraging users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to in
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Telegram
Windows
Payload
Infostealer
Malvertising
Malwarebytes
Safari
Android
Vulnerability
Chrome
1password
Trojan
Exploit
Infostealers
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Vortax Malware is associated with Amos. Vortax, initially perceived as a virtual meeting software, has been identified by Recorded Future's Insikt Group as a potent malware affecting macOS security. Orchestrated by the threat actor "markopolo," Vortax is part of a large-scale cyberattack campaign that disseminates three infostealers: RhadUnspecified
2
The Lumma Malware is associated with Amos. Lumma is a malicious software (malware) that has been causing significant security concerns due to its ability to steal sensitive information. The malware was delivered to victims primarily through websites hosting cracked games, specifically targeting gamers. In August and September, researchers reUnspecified
2
The Vidar Malware is associated with Amos. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malwis related to
2
The Rhadamanthys Malware is associated with Amos. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tactUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The vulnerability Atomic Macos Stealer (Amos is associated with Amos. Unspecified
4
Source Document References
Information about the Amos Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
6 days ago
Malwarebytes
16 days ago
BankInfoSecurity
a month ago
Securelist
a month ago
DARKReading
3 months ago
Recorded Future
3 months ago
CERT-EU
a year ago
CERT-EU
9 months ago
Recorded Future
5 months ago
Recorded Future
5 months ago
InfoSecurity-magazine
6 months ago
Recorded Future
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
InfoSecurity-magazine
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Recorded Future
8 months ago