Atomic macOS Stealer

Malware Profile Updated a month ago
The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. This malware has since become a growing threat to macOS users.

AMOS was part of an extensive campaign aimed at cryptocurrency theft and was delivered alongside other infostealers such as Rhadamanthys and Stealc in cross-platform attacks. These infostealers were hidden in fake browser updates or disguised as legitimate software, targeting both Intel- and ARM-based devices depending on the victim's operating system. The use of these deceptive tactics made it more difficult for users to recognize and avoid the threat.

From its discovery until December 31, 2023, a subscription to the Atomic macOS Stealer was sold for $2000, making it accessible to malicious parties seeking to exploit macOS users. Despite its high cost, the malware was popular due to its effectiveness and the potential financial gain for those using it for illicit purposes. As such, AMOS represents a significant cybersecurity threat that requires ongoing vigilance and robust protective measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Amos | 3 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Telegram
Phishing
Malvertising
Malwarebytes
At
Safari
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| shadowvault | Unspecified | 1 | ShadowVault, a new malware specifically targeting macOS devices, has been recently identified by Guardz Cyber Intelligence Research (CIR). Discovered in June 2023 and prominently advertised on Russian-language cybercriminal forums for $500 per month, ShadowVault is capable of stealing sensitive info |
| Risepro | Unspecified | 1 | RisePro is a type of malware, specifically an info-stealer, designed to infiltrate and damage computer systems. It operates by exploiting vulnerabilities in a device, often through suspicious downloads, emails, or websites, typically without the user's knowledge. Once inside, RisePro can disrupt ope |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Atomic Macos Stealer (Amos | Unspecified | 2 | None |
Source Document References
Information about the Atomic macOS Stealer malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | a month ago | Fake Meeting Software Spreads macOS Infostealer |
| DARKReading | 3 months ago | Web3 Game Developers Targeted in Crypto Theft Scheme |
| CERT-EU | 7 months ago | Atomic Stealer rings in the new year with updated version \| Malwarebytes |
| CERT-EU | 8 months ago | PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS - 9to5Mac |
| Securityaffairs | a year ago | A malvertising campaign is delivering a new version of macOS Atomic Stealer |
| CERT-EU | a year ago | PSA: 'Atomic macOS Stealer' malware can compromise iCloud Keychain passwords, credit cards, crypto wallets |
| CERT-EU | a year ago | Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram \| IT Security News |
| Naked Security | a year ago | S3 Ep133: Apple takes “tight-lipped” to a whole new level |
| Securityaffairs | 8 months ago | ClearFake campaign spreads macOS AMOS information stealer |
| CERT-EU | a year ago | Just for $1000 per month hack macOS computers with this undetectable malware |
| CERT-EU | a year ago | Links 08/09/2023: Release of Francis 1.0, EnterpriseDB Chooses GNU General Public License v3 for Component |
| CERT-EU | a year ago | ‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign |
| CERT-EU | a year ago | This New macOS Info-stealer in Town is Targeting Crypto Wallets \| IT Security News |
| Securityaffairs | a year ago | Atomic macOS Stealer is advertised on Telegram for $K per month |
| CERT-EU | a year ago | Cyber security week in review: April 28, 2023 |
| Naked Security | a year ago | Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram |
| CERT-EU | a year ago | New hVNC macOS Malware Advertised on Hacker Forum |
| CERT-EU | a year ago | Mac users hit by Atomic Stealer malware via malicious Google Search ads - 9to5Mac |
| CERT-EU | a year ago | New Information Stealer ‘Mystic Stealer’ Rising to Fame |
| CERT-EU | a year ago | ShadowVault macOS Stealer surfaces as the newest sophisticated Mac malware |