New malware targeting macOS users is being sold on Telegram

in macOS
A new macOS malware being sold on Telegram is capable of extracting autofill information, passwords, wallets, and more -- but it's easy to avoid. Here's how.

Malware illustration
Malware illustration

While Mac users don't often need to worry about malware as much as Windows users do, there are still malicious actors who target macOS. First spotted by Cyble Research, the Atomic macOS Stealer (AMOS) is a highly effective program designed to extract a wide range of information from a victim's computer.

Data that can be stolen by AMOS includes passwords saved in the Keychain, system details, files from the desktop and documents folder, and even the macOS user password.

It is specifically tailored to target popular browsers like Firefox and Chrome. From browsers, it can effortlessly extract autofills, passwords, cookies, wallets, and credit card information.

Furthermore, it can target some of the most popular cryptowallets, such as Electrum, Binance, Exodus, Atomic, and Coinomi.

There is a web panel that comes with AMOS, which makes it simple to handle malware targets, in addition to tools for brute-forcing private keys. AMOS is currently being sold on Telegram for a monthly fee of $1,000.

How to protect yourself from AMOS

The malware requires users to install a .dmg file on their machines, and authenticate the installation with a user password with a fake system dialog box following installation. Once installed, it scans for sensitive information, which it purloins with the system password if it needs to, and sends it to a remote server.

So, as usual, common sense applies. Mac users can avoid AMOS by installing software from the Mac App Store, and avoiding installing files from unverified sources including links sent via email from questionable or unverifiable sources.

Read on AppleInsider


  • Reply 1 of 5
    hmlongcohmlongco Posts: 456member
    Yeah, try not to download Photoshop_2023.dmg from an anonymous source on the internet...
  • Reply 2 of 5
    Hank2.0Hank2.0 Posts: 151member
    So this AMOS doesn't work with Safari and Opera? 
  • Reply 3 of 5
    oldenboomoldenboom Posts: 23unconfirmed, member
    Hank2.0 said:
    So this AMOS doesn't work with Safari and Opera? 
    The malware is contained within a DMG, indeed  like “Photoshop CC2023.dmg” or “Notion-7.0.6.dmg”. The DMG is unsigned and requires explicit confirmation to execute (unless one has lowered that security setting to the lowest setting -unwise). Safari and Opera are very well capable of downloading DMGs.
    Just stay away from illegal software as the malware  an piggyback. And if for some reason a DMG is unsigned, treat it with the highest suspicioun.
  • Reply 4 of 5
    sshssh Posts: 15member
    These articles really need to include what's required for the software to get onto a Mac. If it can somehow get around GateKeeper, Xprotect, and the MRT, it's worth a focus. If not, that needs to be said, since no one should open up installation to applications which require overcoming the protections of those systems.
  • Reply 5 of 5
    Have you faced any one of these sign of having a malware: 
    • New apps and processes have popped up out of nowhere. In such a case, it’s best to remove them
    • Whenever you open your browser, you are driven to some other browser. Quite possibly, your Mac is under attack
    • Your browser is bombarded with ads and pop-ups
    • The various files are locked on your Mac. The malware has probably affected your files
    • Sudden Mac freezes or dip in performance has become common
    You must have a best anti malware for your mac like bitdefender, intego etc.
Sign In or Register to comment.