Atomic Macos Stealer Amos

In April 2023, Cyble Research and Intelligence Labs (CRIL) discovered a new malware named Atomic macOS Stealer (AMOS) being advertised for sale on a Telegram channel. The malware was found to be part of a larger operation involving several other variants such as Vidar, Lumma, and Octo. These threat actors utilized a GitHub profile to impersonate legitimate software applications including 1Password, Bartender 5, and Pixelmator Pro to distribute various types of malware, including AMOS. During the investigation, twelve websites were identified that falsely advertised downloads of legitimate macOS applications but instead directed victims to the deceptive GitHub profile to distribute AMOS. The Atomic macOS Stealer (AMOS) is designed to exploit and damage computer systems, primarily by stealing personal information. Once downloaded and installed, it can disrupt operations, steal sensitive data, or even hold data hostage for ransom. It was found to be bundled with Vortax, a purported virtual meeting software, which also delivered two other potent information stealers—Rhadamanthys and Stealc. The campaign demonstrated how attackers exploit trusted internet services to carry out cyberattacks that compromise personal information. Protection against AMOS involves vigilance in downloading software from trusted sources only and maintaining up-to-date security measures. Users are advised to avoid suspicious downloads, emails, or websites that could potentially harbor such malware. Regular system updates, use of reliable antivirus software, and avoiding unverified software downloads can significantly reduce the risk of infection. The discovery of AMOS underscores the importance of ongoing cybersecurity efforts to identify and neutralize such threats before they can cause significant harm.