Atomic Stealer Amos

Vulnerability updated 4 days ago (2024-11-21T11:30:43.503Z)
Atomic Stealer Amos is a software vulnerability that was discovered in 2023, designed to exploit macOS devices. This flaw in software design or implementation was used by cybercriminals to spread malware to Mac users, primarily through malicious advertising and compromised websites. The malware was developed by a threat actor known as Rodrigo4 in the XSS underground forum, who created a stealer with features and code base similar to the infamous Atomic Stealer (AMOS). In September 2023, Malwarebytes documented a significant campaign distributing this malware via malvertising. The same domain also contained an open directory showing the location of both the Windows payload, an MSI installer known as FakeBat, and the Mac payload, Atomic Stealer (AMOS). In addition to these campaigns, a fake browser update campaign named 'ClearFake' expanded its operations to macOS, specifically targeting Apple computers with the Atomic Stealer (AMOS) malware. The Atomic Stealer (AMOS) malware also evolved over time, with updated versions being pushed to both Windows and Mac systems. On Windows machines, Lumma Stealer was installed, while on Macs, the Atomic Stealer (AMOS) was deployed. Despite its recent introduction, the Atomic Stealer (AMOS) for Mac has quickly gained popularity among threat actors, highlighting the ongoing risk it poses to macOS users.
Description last updated: 2024-11-21T10:34:29.048Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Fakebat is a possible alias for Atomic Stealer Amos. FakeBat, also known as Eugenloader and PaykLoader, is a unique malware loader that has been observed in several malvertising campaigns. The malware is often used to drop follow-up payloads such as Lumma stealer. It was first noticed on July 25, 2024, via a malicious ad for Calendly, a popular online
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Malvertising
Windows
Payload