- Atomic Stealer, or AMOS, is no longer just a pure infostealer, experts warn
- The tool now comes with a backdoor and a persistence mechanism
- A new variant was seen circulating in the wild
Atomic Stealer (AMOS), one of the most dangerous infostealer malware threats on the macOS ecosystem, just got a significant upgrade that makes it even more dangerous, experts have warned.
A new version of the malware was spotted sporting a backdoor that not only allows persistent access and survives reboots, but also grants the attackers the ability to deploy any other malware on the compromised device, as well.
The news comes courtesy of MacPaw’s cybersecurity arm, Moonlock, who were tipped off by an independent researcher with the alias g0njxa., who noted the backdoored version of Atomic macOS Stealer now has the potential to gain full access to thousands of Mac devices worldwide.
A popular infostealer
AMOS has been around for years, establishing itself as the go-to stealer malware used in many major hacking campaigns. Until now, it was capable of extracting a wide range of data, including browser-stored passwords and keychains, autofill data, cryptocurrency wallet information, system data, and different files. It was also able to bypass macOS protections, tricking Gatekeeper and other macOS security features.
It was sold as MaaS (malware-as-a-service) on underground forums, and often distributed via fake apps and malicious websites.
We last heard of AMOS in early June 2025, when Russian threat actors used the popular ClickFix method to deploy it against their targets. At the time, security researchers from CloudSek reported multiple websites spoofing Spectrum, a US-based telecommunications provider, to deliver the malware.
In early January, software developer Ryan Chenkie spotted a malicious campaign on Google, promoting a fake version of Homebrew, an open source package manager for macOS and Linux that was, in fact, AMOS.
“AMOS malware campaigns have already reached over 120 countries, with the United States, France, Italy, the United Kingdom, and Canada among the most affected,” the researchers warned.
Via BleepingComputer
Leave a comment