Atomic Macos Stealer

Malware updated 5 months ago (2024-06-18T16:17:34.978Z)
The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. This malware has since become a growing threat to macOS users.

AMOS was part of an extensive campaign aimed at cryptocurrency theft and was delivered alongside other infostealers such as Rhadamanthys and Stealc in cross-platform attacks. These infostealers were hidden in fake browser updates or disguised as legitimate software, targeting both Intel- and ARM-based devices depending on the victim's operating system. The use of these deceptive tactics made it more difficult for users to recognize and avoid the threat.

From its discovery until December 31, 2023, a subscription to the Atomic macOS Stealer was sold for $2000, making it accessible to malicious parties seeking to exploit macOS users. Despite its high cost, the malware was popular due to its effectiveness and the potential financial gain for those using it for illicit purposes. As such, AMOS represents a significant cybersecurity threat that requires ongoing vigilance and robust protective measures.
Description last updated: 2024-06-18T16:16:06.112Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Amos is a possible alias for Atomic Macos Stealer. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Telegram
Associated Vulnerabilities
Alias Description | Association Type | Votes
The vulnerability Atomic Macos Stealer (Amos is associated with Atomic Macos Stealer. | Unspecified | 2