Atomic Stealer

Malware Profile Updated 3 days ago
Atomic Stealer, also known as AMOS, is malware designed to exploit and damage macOS devices. It is delivered through a malvertising campaign that uses deceptive tactics to infect systems. The malware infiltrates devices disguised as a Safari update, with the intent of exfiltrating iCloud Keychain data and browser-stored data in addition to user files. The hackers behind this operation have specifically targeted macOS systems as part of a new phase in the ClearFake campaign, a fake browser update campaign that has now expanded its reach to target Apple computers with Atomic Stealer (AMOS).

On September 9, 2023, threat actors launched a new malvertising campaign that used a fraudulent TradingView ad on Google search to distribute an updated version of the macOS information-stealing malware Atomic Stealer. This was reported by various cybersecurity outlets, including SC Magazine and The Hacker News. The ad redirected users to a website offering software downloads for various operating systems. Notably, clicking the macOS download link triggered the download of an updated Atomic Stealer.

To prevent an Atomic Stealer infection on your macOS endpoints, exercise caution when downloading updates or software from unverified sources. Maintain up-to-date security software and follow best practices for internet safety to mitigate the risk of such malware infections.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID    Votes  Profile Description
Amos  4      AMOS is a malicious software (malware) that has been specifically designed to target Mac systems, both Intel-based and ARM-based. It is capable of stealing passwords, personal files, and information from crypto wallets, posing a significant threat to user security. AMOS was first identified as part
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Macos
Malvertising
Windows
Safari
Telegram
Payload
Chrome
Associated Malware
ID         Type         Votes  Profile Description
Clearfake  Unspecified  2      ClearFake is a malware that has been identified as a significant threat to macOS systems. The malicious software, typically delivered through suspicious downloads, emails, or websites, infiltrates the user's system without their knowledge and can steal personal information, disrupt operations, or ho
Associated Threat Actors
ID  Type  Votes  Profile Description
No associations to display
Associated Vulnerabilities
ID  Type  Votes  Profile Description
No associations to display
Source Document References
Information about the Atomic Stealer Malware was read from the documents corpus below. This display is limited to 20 results.
Source           Created At    Title
Securityaffairs  4 months ago  Security Affairs newsletter Round 456 by Pierluigi Paganini
CERT-EU          6 months ago  How Fake Chrome, Safari Updates Can Infect Your Mac With AMOS Malware
Securityaffairs  2 months ago  Security Affairs newsletter Round 465 by Pierluigi Paganini
CERT-EU          3 months ago  New Atomic Stealer malware variant harder to detect in macOS
Securityaffairs  5 months ago  Security Affairs newsletter Round 453 by Pierluigi Paganini
DARKReading      6 months ago  Fake Browser Updates Targeting Mac Systems With Infostealer
Securityaffairs  3 months ago  Security Affairs newsletter Round 461 by Pierluigi Paganini
Malwarebytes     9 months ago  Mac users targeted in new malvertising campaign delivering Atomic Stealer
Securityaffairs  8 months ago  Security Affairs newsletter Round 440 by Pierluigi Paganini
Securityaffairs  6 months ago  Security Affairs newsletter Round 449 by Pierluigi Paganini
Securityaffairs  24 days ago   Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU          5 months ago  Atomic Stealer rings in the new year with updated version | Malwarebytes
Securityaffairs  6 months ago  Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs  2 months ago  Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs  5 months ago  Security Affairs newsletter Round 452 by Pierluigi Paganini
Securityaffairs  3 days ago    Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs  a month ago   Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU          5 months ago  Report: Sandworm hackers unlikely involved in Denmark cyberattacks
Securityaffairs  2 months ago  Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU          5 months ago  Atomic Stealer rings in the new year with updated version - Cyber Security Review