- Atomic Stealer, or AMOS, is no longer just a pure infostealer, experts warn
- The tool now ships with a backdoor and a persistence mechanism
- A new variant has been seen circulating in the wild
Atomic Stealer (AMOS), one of the most dangerous infostealer threats in the macOS ecosystem, has just received a significant upgrade that makes it even more dangerous, experts have warned.
A new version of the malware has been spotted sporting a backdoor which not only allows persistent access and survives reboots, but also gives attackers the ability to deploy any other malicious software on the compromised device.
The news comes courtesy of Moonlock, MacPaw's cybersecurity branch, which was tipped off by an independent researcher with the alias G0NJXA and which noted that the backdoored version of the Atomic macOS stealer now has the potential to access thousands of Mac devices worldwide.
A popular infostealer
AMOS has existed for years, establishing itself as the go-to stealer malware used in many major hacking campaigns. Until now, it has been able to extract a wide range of data, including browser-stored passwords and keychain data, autofill data, cryptocurrency wallet information, system data and various files. It was also able to bypass macOS protections, deceiving Gatekeeper and other macOS security features.
It was sold as MaaS (Malware-as-a-Service) on underground forums, and often distributed via fake applications and malicious websites.
We last heard of AMOS in early June 2025, when Russian threat actors used the popular ClickFix method to deploy it against their targets. At the time, CloudSEK security researchers reported several websites impersonating Spectrum, a telecommunications provider based in the United States, to deliver the malware.
In early January, software developer Ryan Chenkie spotted a malicious campaign on Google promoting a fake version of Homebrew, an open source package manager for macOS and Linux, which was, in fact, AMOS.
“AMOS malware has already reached more than 120 countries, with the United States, France, Italy, the United Kingdom and Canada among the most affected,” the researchers warned.
Via BleepingComputer