Atomic Stealer Amos

Vulnerability updated 15 hours ago (2024-10-17T14:00:56.091Z)

Download STIX

Preview STIX

Atomic Stealer (AMOS) is a vulnerability that was identified as a significant threat to macOS devices in 2023. This flaw in software design or implementation was exploited by cybercriminals who targeted Mac users through various malware distribution campaigns. These campaigns were primarily carried out via malvertising and compromised sites, as documented by Malwarebytes Labs. A threat actor known as Rodrigo4 in the XSS underground forum was found to be working on a stealer with similar features and code base as AMOS, indicating its potential for further exploitation. In September 2023, Malwarebytes discovered a significant campaign spreading AMOS malware to Mac users through malicious ads. Additionally, another campaign, named 'ClearFake', expanded to macOS, using fake browser updates to deliver AMOS onto Apple computers. The same domain used for these campaigns also showed an open directory revealing the locations of both the Windows payload, which was an MSI installer called FakeBat, and the Mac one, Atomic Stealer (AMOS). Last year saw a worrying increase in the distribution of AMOS to Mac users, with hackers utilizing both malvertising and compromised sites to deliver the malware. Moreover, a recent campaign was captured pushing malware for both Windows and Mac, with the latter being an updated version of the increasingly popular Atomic Stealer (AMOS) for Mac. This highlights the ongoing threat posed by AMOS and the importance of continued vigilance and robust cybersecurity measures.

Description last updated: 2024-10-17T13:12:47.396Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Fakebat is a possible alias for Atomic Stealer Amos. FakeBat is a notable malware variant that has been increasingly involved in malvertising campaigns since at least November 2022, as per an early 2023 Intel471 report. This malicious software exploits and damages computers or devices by infiltrating systems through suspicious downloads, emails, or we	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Malvertising

Windows

Payload

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Atomic Stealer Amos Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	9 months ago	Atomic Stealer rings in the new year with updated version
Malwarebytes	4 months ago	'Poseidon' Mac stealer distributed via Google ads \| Malwarebytes
CERT-EU	a year ago	Mac Systems Under Threat: ClearFake Campaign Deploys Atomic Stealer Malware
CERT-EU	a year ago	Atomic Stealer malware strikes macOS via fake browser updates
Malwarebytes	a year ago	Mac users targeted in new malvertising campaign delivering Atomic Stealer
Malwarebytes	8 months ago	State of Malware 2024: What consumers need to know \| Malwarebytes
CERT-EU	9 months ago	Atomic Stealer rings in the new year with updated version - Cyber Security Review
CERT-EU	9 months ago	Atomic Stealer rings in the new year with updated version \| Malwarebytes