Amos (Infostealer) – Malware

June 17, 2024

Amos

Type of Malware

Infostealer

Country of Origin

Unknown

Date of initial activity

2023

Targeted Countries

Global

Additional Names

Atomic Stealer

Motivation

Financial Gain
Data Theft

Attack Vectors

Phishing
Third Party Software

Targeted Systems

macOS

Type of Information Stolen

Login Credentials
Financial Information
System Information

Overview

In the evolving landscape of cybersecurity threats, the emergence of the Atomic macOS Stealer (AMOS) malware marks a notable escalation in the sophistication of macOS-targeted attacks. AMOS, a highly effective information stealer, has captured attention due to its advanced capabilities and the scope of its impact. Unlike traditional malware, AMOS is engineered to exploit specific vulnerabilities within macOS systems to harvest sensitive data, making it a significant concern for both individual users and organizations. AMOS distinguishes itself through its targeted approach, focusing on extracting credentials and other valuable information from compromised macOS devices. This malware is not merely a threat but a reflection of a broader trend where macOS is increasingly becoming a prime target for cybercriminals. The malware’s ability to circumvent security measures and its integration with complex command-and-control (C2) infrastructure enhance its effectiveness and make it a formidable adversary in the cybersecurity landscape.

Targets

Individuals
Information

How they operate

The initial phase of an AMOS attack typically begins with social engineering tactics, such as phishing campaigns or malicious software distribution. Attackers craft deceptive messages or software masquerading as legitimate applications, compelling users to download and execute the malware. Once executed, AMOS establishes its presence on the victim’s system by embedding itself into critical system processes or altering system configurations, thus ensuring its persistence and continued operation even after system reboots.

AMOS employs advanced techniques for privilege escalation, often exploiting macOS vulnerabilities to gain higher-level permissions. This elevated access allows the malware to bypass security restrictions and gain deeper control over the infected system. Through obfuscation methods, AMOS evades detection by security solutions, disguising its activities and minimizing its visibility within the system.

Credential theft is a primary objective of AMOS. The malware systematically searches for and extracts sensitive information, including passwords and authentication tokens, from various repositories and storage locations on the infected device. This data is then exfiltrated via encrypted communication channels to the attacker’s command-and-control (C2) infrastructure. The exfiltration process is carefully orchestrated to avoid detection and ensure the safe transfer of stolen information.

In its operation, AMOS utilizes application layer protocols to interact with its C2 servers. This communication facilitates the malware’s command execution and data transmission, enabling attackers to maintain control over the compromised system and leverage the stolen data for further exploitation. The malware’s ability to adapt and integrate with existing security evasion and credential access techniques underscores its threat to macOS users.
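As an added defensive example (not code from this page or from the referenced report), the script below audits macOS launchd persistence plists, the mechanism the profile maps to Persistence (TA0003) / Create or Modify System Process. The heuristics, the user name, and both sample plists are constructed assumptions for illustration; on a live host the same function would be fed the files under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons.

```python
"""Heuristic audit of macOS launchd persistence entries (LaunchAgents / LaunchDaemons).

Flags patterns an infostealer's persistence job tends to show: the program (or one
of its arguments) lives in a temp, Downloads or hidden user-writable path; a
RunAtLoad job just hands a command line to a shell or script interpreter; or a
user-level agent borrows an Apple-looking label. The plists at the bottom are
constructed samples for this example, not artifacts from a real infection."""
import plistlib
import re
from pathlib import Path

SUSPICIOUS_PATH = re.compile(
    r"^(/tmp|/private/tmp|/var/tmp|/Users/[^/]+/Downloads|/Users/[^/]+/\.[^/]+)(/|$)")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl", "curl"}

def analyze_plist(plist_path: str, data: bytes) -> list[str]:
    """Return human-readable findings for one launchd plist (empty list = nothing notable)."""
    job = plistlib.loads(data)
    args = job.get("ProgramArguments") or ([job["Program"]] if "Program" in job else [])
    findings = []
    if not args:
        return findings
    if any(SUSPICIOUS_PATH.match(a) for a in args):
        findings.append("runs from a temp, Downloads or hidden user path")
    if Path(args[0]).name in INTERPRETERS and job.get("RunAtLoad"):
        findings.append(f"RunAtLoad job invokes interpreter {Path(args[0]).name}")
    if plist_path.startswith("/Users/") and str(job.get("Label", "")).startswith("com.apple."):
        findings.append("user-level agent uses an Apple-style label")
    return findings

def audit(plists: dict[str, bytes]) -> dict[str, list[str]]:
    """Audit a mapping of plist path -> raw plist bytes; keep only entries with findings."""
    return {p: f for p, d in plists.items() if (f := analyze_plist(p, d))}

# Constructed samples: an ordinary vendor updater and a masquerading agent.
SAMPLES = {
    "/Users/alice/Library/LaunchAgents/com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True}),
    "/Users/alice/Library/LaunchAgents/com.apple.helper.plist": plistlib.dumps({
        "Label": "com.apple.helper",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/alice/.cache/.helper >/dev/null 2>&1"],
        "RunAtLoad": True}),
}

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, *("\n  - " + f for f in findings))
```

Only the masquerading agent is reported; a plist that trips none of the three heuristics is dropped from the result so the output stays reviewable on a host with many legitimate agents.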

MITRE Tactics and Techniques

  • Initial Access (TA0001) – Phishing: AMOS may be delivered via phishing emails or other deceptive methods that trick users into downloading and executing the malware.
  • Execution (TA0002) – User Execution: AMOS requires user interaction to be executed, often disguised as legitimate software or files to encourage execution.
  • Persistence (TA0003) – Create or Modify System Process: The malware may establish persistence by modifying system processes or settings to ensure it remains active after a reboot.
  • Privilege Escalation (TA0004) – Exploitation for Privilege Escalation: AMOS may exploit vulnerabilities in macOS to gain higher privileges on the infected system.
  • Defense Evasion (TA0005) – Obfuscated Files or Information: To avoid detection, AMOS may use obfuscation techniques to conceal its presence and activities from security tools.
  • Credential Access (TA0006) – Credential Dumping: The malware targets credentials stored on the infected system to facilitate unauthorized access to other resources.
  • Collection (TA0009) – Data from Information Repositories: AMOS collects sensitive information such as passwords, authentication tokens, and other credentials from compromised systems.
  • Exfiltration (TA0010) – Exfiltration Over Command and Control Channel: The stolen data is transmitted back to the attacker’s C2 servers for further use or exploitation.
  • Command and Control (TA0011) – Application Layer Protocol: AMOS communicates with its C2 infrastructure using standard application protocols to receive commands and transmit stolen data.

References

  • The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

Tags: AMOS, Atomic, Cybercriminals, infostealer, MacOS, Malware, Vulnerabilities