New AMOS malware for Mac targets passwords, personal files, crypto wallets

By Microsoft 3 Min Read


According to a new relationship by Cyble Research and Intelligence Labs (CRIL), hackers have created a new malware that targets macOS and steals important private information, such as macOS user account keychains and passwords, system information, and files on the Desktop and Documents folder.

Dubbed the Atomic macOS Stealer (AMOS), the malware also targets browsers and searches for information such as usernames, passwords, credit card numbers, cookies, and more. CRIL’s research also found that AMOS specifically targets crypto wallets from Atomic, Binance, Coinomi, Electrum, Exodus, and others.

“THE [threat actor] behind this thief is the constant improvement of this malware and adding new features to make it more effective,” according to CRIL, who found AMOS on Telegram, a service that offers private massage channels. In one such channel, the creators of AMOS advertised their malware for $1,000 a month If one were to enlist AMOS, they would have access to the malware, as well as “a web panel for victim management, brute-forcing meta masks to steal seeds and private keys, crypto checker and dmg installer, then share the log via Telegram.”

AMOS is spread via unsigned disk image files (.dmg), which are common when downloading new apps. When the user opens the .dmg file, they are asked to enter the user password for their Mac, which then activates the malware. The .dmg file may have filenames that appear legitimate – there have been reports of fake disk image instances labeled “Notion-7.0.6.dmg”, “Photoshop CC 2023.dmg”, and “Tor Browser.dmg” Virus Totala website that analyzes suspicious files and tracks them in a database.

The CRIL report follows a relationship last week by MalwareHunterTeam, which discovered that a collective known as Lockbits is working on encrypting ransomware that attacks macOS. AS Wired pointed out in his LockBit report, threat actors are starting to target Macs more frequently in an attempt to find new victims.

Apple has protections within macOS, and the company releases security patches via operating system updates, so it’s important to install them as soon as possible. When you download software, download it from trusted sources, such as the App Store (which carries out security checks of its software) or directly from the developer. Macworld has several guides to help you, including a guide on whether or not you need antivirus softwareA list of Mac viruses, malware and trojansit’s a Mac security software comparison.

Share This Article
Leave a comment