Atomic Stealer (AMOS) is a software vulnerability specifically designed to target macOS devices. Discovered by Malwarebytes in September 2023, this flaw was propagated through a cybercriminal campaign that exploited malicious ads to spread the malware to Mac users. The malware was also distributed via compromised websites, indicating a broad and multi-faceted attack strategy. Notably, an open directory on the same domain revealed the location of the Windows payload, dubbed FakeBat, alongside the Mac-targeted Atomic Stealer.
Throughout last year, several malware distribution campaigns were documented that delivered AMOS onto Mac users, both through malvertising and compromised sites. In one instance, the 'ClearFake' fake browser update campaign expanded its reach to macOS, targeting Apple computers with the Atomic Stealer malware. This illustrates the increasing sophistication of these campaigns and their ability to adapt and exploit different platforms and vulnerabilities.
In a related development, a threat actor known as Rodrigo4 on the XSS underground forum has been working on a stealer with similar features and code base as AMOS. Additionally, a recent campaign was observed pushing both Windows and Mac malware, the latter being an updated version of the new but increasingly popular Atomic Stealer for Mac. These developments highlight the ongoing evolution of the threat landscape and underline the need for robust cybersecurity measures.
Description last updated: 2024-06-27T15:16:04.481Z