Atomic Macos Stealer Amos

Malware updated 2 months ago (2024-07-09T13:17:44.808Z)
In April 2023, Cyble Research and Intelligence Labs (CRIL) discovered a new malware named Atomic macOS Stealer (AMOS) being advertised for sale on a Telegram channel. The malware was found to be part of a larger operation involving several other variants such as Vidar, Lumma, and Octo. These threat actors utilized a GitHub profile to impersonate legitimate software applications including 1Password, Bartender 5, and Pixelmator Pro to distribute various types of malware, including AMOS. During the investigation, twelve websites were identified that falsely advertised downloads of legitimate macOS applications but instead directed victims to the deceptive GitHub profile to distribute AMOS.

The Atomic macOS Stealer (AMOS) is designed to exploit and damage computer systems, primarily by stealing personal information. Once downloaded and installed, it can disrupt operations, steal sensitive data, or even hold data hostage for ransom. It was found to be bundled with Vortax, a purported virtual meeting software, which also delivered two other potent information stealers—Rhadamanthys and Stealc. The campaign demonstrated how attackers exploit trusted internet services to carry out cyberattacks that compromise personal information.

Protection against AMOS involves vigilance in downloading software from trusted sources only and maintaining up-to-date security measures. Users are advised to avoid suspicious downloads, emails, or websites that could potentially harbor such malware. Regular system updates, use of reliable antivirus software, and avoiding unverified software downloads can significantly reduce the risk of infection. The discovery of AMOS underscores the importance of ongoing cybersecurity efforts to identify and neutralize such threats before they can cause significant harm.
Description last updated: 2024-07-09T13:16:43.929Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
1password
Telegram
Macos
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Vidar | Unspecified | 2 | Vidar is a type of malware specifically designed to infiltrate and exploit Windows-based systems. It's written in C++ and is based on the Arkei stealer, which means it has the capability to steal personal information from infected devices. Vidar has been found impersonating legitimate software appli |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Atomic Macos Stealer (Amos | Unspecified | 4 | None |
Source Document References
Information about the Atomic Macos Stealer Amos Malware was read from the documents corpus below.
| Source Link | CreatedAt | Title |
| --- | --- | --- |
| Recorded Future | 2 months ago | GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure \| Recorded Future |
| Recorded Future | 2 months ago | The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications \| Recorded Future |
| Recorded Future | 3 months ago | The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications \| Recorded Future |
| Securityaffairs | 4 months ago | GitCaught campaign relies on Github and Filezilla to deliver multiple malware |
| Recorded Future | 4 months ago | GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure \| Recorded Future |
| InfoSecurity-magazine | 4 months ago | Russian Actors Weaponize Legitimate Services in Multi-Malware Attack |
| CERT-EU | 10 months ago | PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS - 9to5Mac |
| Securityaffairs | a year ago | A malvertising campaign is delivering a new version of macOS Atomic Stealer |
| CERT-EU | a year ago | Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption |
| CERT-EU | a year ago | PSA: 'Atomic macOS Stealer' malware can compromise iCloud Keychain passwords, credit cards, crypto wallets |
| CERT-EU | a year ago | Links 08/09/2023: Release of Francis 1.0, EnterpriseDB Chooses GNU General Public License v3 for Component |
| CERT-EU | a year ago | Hackers are Selling a new Atomic macOS (AMOS) Stealer on Telegram \| IT Security News |
| Securityaffairs | a year ago | Atomic macOS Stealer is advertised on Telegram for $K per month |
| CERT-EU | a year ago | New AMOS Mac malware targets passwords, personal files, crypto wallets |