Amos Stealer

AMOS Stealer is a potent malware that targets macOS systems, exploiting them to steal personal information and disrupt operations. This malicious software infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once installed, it can compromise personal data, hinder system functionality, and potentially hold data for ransom. A new variant of AMOS Stealer has been identified, which uses an Apple Script similar to the one used by the second variant of RustDoor, another harmful program. This similarity suggests a possible link between these two malware variants. Recorded Future's Insikt Group discovered twelve websites impersonating legitimate macOS applications, such as CleanShotX, 1Password, and Bartender during an investigation into the AMOS stealer. These fraudulent sites lure users into downloading the malware, demonstrating the adaptability and convenience of this attack method, which raises significant concerns. The new variant of AMOS Stealer has also been linked with the FakeSG campaign, Akira ransomware, and other cybersecurity threats, further emphasizing its potential danger. In addition to stealing personal information, the new variant of AMOS Stealer targets Safari cookies and cryptocurrency wallets, according to HackRead.com. This sophisticated approach indicates a shift towards more lucrative targets, given the increasing popularity of digital currencies. The threat actor behind this new variant of AMOS Stealer was found selling it on Telegram, highlighting the expanding black market for such malicious software. Users are advised to exercise caution when downloading applications and to maintain up-to-date security measures to mitigate the risks posed by such malware.