Atomic Stealer (AMOS) is a vulnerability that was identified as a significant threat to macOS devices in 2023. This flaw in software design or implementation was exploited by cybercriminals who targeted Mac users through various malware distribution campaigns. These campaigns were primarily carried out via malvertising and compromised sites, as documented by Malwarebytes Labs. A threat actor known as Rodrigo4 in the XSS underground forum was found to be working on a stealer with similar features and code base as AMOS, indicating its potential for further exploitation.
In September 2023, Malwarebytes discovered a significant campaign spreading AMOS malware to Mac users through malicious ads. Additionally, another campaign, named 'ClearFake', expanded to macOS, using fake browser updates to deliver AMOS onto Apple computers. The same domain used for these campaigns also showed an open directory revealing the locations of both the Windows payload, which was an MSI installer called FakeBat, and the Mac one, Atomic Stealer (AMOS).
Last year saw a worrying increase in the distribution of AMOS to Mac users, with hackers utilizing both malvertising and compromised sites to deliver the malware. Moreover, a recent campaign was captured pushing malware for both Windows and Mac, with the latter being an updated version of the increasingly popular Atomic Stealer (AMOS) for Mac. This highlights the ongoing threat posed by AMOS and the importance of continued vigilance and robust cybersecurity measures.
Description last updated: 2024-10-17T13:12:47.396Z