Amos Stealer

Malware updated a month ago (2024-10-22T19:00:56.658Z)

Download STIX

Preview STIX

AMOS Stealer is a malicious software (malware) that was first identified in early 2023, specifically targeting macOS. This harmful program infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. A notable feature of AMOS Stealer is its ability to impersonate legitimate macOS applications such as CleanShotX, 1Password, and Bartender, luring users into downloading the malware. In an investigation conducted by Recorded Future’s Insikt Group, 12 websites were discovered that mimicked these legitimate applications. A new variant of AMOS Stealer surfaced later, showing significant similarities with the second variant of RustDoor, another malware. This variant employs Apple Script, similar to Atomic Stealer, a different strain of malware. The use of Apple Script indicates a high level of adaptability and convenience in deploying the malware, raising serious concerns about its potential impact. This new variant has been found to target Safari cookies and crypto wallets, posing a significant threat to privacy and financial security. The AMOS Stealer has also been linked to cybercriminal activities involving cryptocurrencies. Reports suggest that hackers have been breaking into email accounts to steal cryptocurrency, leveraging the capabilities of this malware. Furthermore, there's evidence of threat actors selling the new Atomic MacOS AMOS Stealer on platforms like Telegram. This wide range of tactics and targets underlines the versatility and threat posed by the AMOS Stealer to individual and organizational cybersecurity.

Description last updated: 2024-10-22T17:40:54.666Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Amos is a possible alias for Amos Stealer. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Macos

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Amos Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securelist	a month ago	Stealers on the rise: Kral, AMOS, Vidar and ACR
Bitdefender	a month ago	When Stealers Converge: New Variant of Atomic Stealer in the Wild
CERT-EU	9 months ago	New Variant of AMOS Stealer Targets Safari Cookies and Crypto Wallets
InfoSecurity-magazine	6 months ago	Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
CERT-EU	2 years ago	SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast
CERT-EU	a year ago	Kaspersky crimeware report: FakeSG, Akira and AMOS
Bitdefender	9 months ago	When Stealers Converge: New Variant of Atomic Stealer in the Wild