Atomic Stealer Amos

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
Atomic Stealer (AMOS) is a software vulnerability specifically designed to target macOS devices. Discovered by Malwarebytes in September 2023, this flaw was propagated through a cybercriminal campaign that exploited malicious ads to spread the malware to Mac users. The malware was also distributed via compromised websites, indicating a broad and multi-faceted attack strategy. Notably, an open directory on the same domain revealed the location of the Windows payload, dubbed FakeBat, alongside the Mac-targeted Atomic Stealer. Throughout last year, several malware distribution campaigns were documented that delivered AMOS onto Mac users, both through malvertising and compromised sites. In one instance, the 'ClearFake' fake browser update campaign expanded its reach to macOS, targeting Apple computers with the Atomic Stealer malware. This illustrates the increasing sophistication of these campaigns and their ability to adapt and exploit different platforms and vulnerabilities. In a related development, a threat actor known as Rodrigo4 on the XSS underground forum has been working on a stealer with similar features and code base as AMOS. Additionally, a recent campaign was observed pushing both Windows and Mac malware, the latter being an updated version of the new but increasingly popular Atomic Stealer for Mac. These developments highlight the ongoing evolution of the threat landscape and underline the need for robust cybersecurity measures.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Fakebat
1
FakeBat is a notable malware variant that has been increasingly involved in malvertising campaigns since at least November 2022, as per an early 2023 Intel471 report. This malicious software exploits and damages computers or devices by infiltrating systems through suspicious downloads, emails, or we
Clearfake
1
ClearFake is a malicious software that has been identified as a fake browser update activity cluster, compromising legitimate websites with harmful HTML and JavaScript. The malware was first observed by Proofpoint in early April, employing a cut-and-paste technique for its delivery. ClearFake's camp
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Malware
Malvertising
Payload
Macos
XSS (Cross S...
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Atomic Stealer Amos Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Malwarebytes
a month ago
'Poseidon' Mac stealer distributed via Google ads | Malwarebytes
CERT-EU
8 months ago
Mac Systems Under Threat: ClearFake Campaign Deploys Atomic Stealer Malware
CERT-EU
8 months ago
Atomic Stealer malware strikes macOS via fake browser updates
Malwarebytes
a year ago
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Malwarebytes
6 months ago
State of Malware 2024: What consumers need to know | Malwarebytes
CERT-EU
6 months ago
Atomic Stealer rings in the new year with updated version - Cyber Security Review
CERT-EU
7 months ago
Atomic Stealer rings in the new year with updated version | Malwarebytes