AMOS malware for macOS targets users with fake browser updates

Nico du Plessis


AMOS, or Atomic Stealer, is a sophisticated malware that specifically targets Mac users. It's a significant cybersecurity threat because it's designed to infiltrate your computer by masquerading as something harmless.

The Dangers of AMOS

Once AMOS gains access to your system, it can have severe consequences. It's capable of stealing a wide range of personal information, including passwords, credit card details, and other encrypted data stored on your Mac. This puts users at risk of identity theft, financial fraud, and a serious breach of privacy.

AMOS and the macOS Keychain

One of the most alarming capabilities of AMOS is its potential to access the macOS keychain. The keychain is a built-in password manager on your Mac, safeguarding your WiFi passwords, website logins, credit card information, and other sensitive data. If AMOS compromises this keychain, it can lead to significant security breaches, making the malware particularly dangerous​​​​​​​​.

How AMOS is Distributed: The ClearFake Campaign

AMOS is distributed through a deceptive strategy known as the ClearFake campaign. This method involves using compromised websites to display fake browser update notifications. These notifications, which can appear very legitimate, are actually drive-by downloads for the AMOS malware. Initially targeting Windows users, the campaign expanded to macOS in late 2023, distributing DMG payloads to unsuspecting Mac users visiting these compromised sites​​.

Spotting and Avoiding AMOS

To spot and avoid falling victim to AMOS:

  1. Be Wary of Unexpected Browser Updates: AMOS often appears as a browser update. If you're prompted to update your browser while browsing a website, it's likely a trap.
  2. Use Official Channels for Updates: Always use official websites or built-in update tools for your browser and operating system. For Safari, updates come through macOS's Software Update, and for other browsers, updates are typically found within the browser itself​​.
  3. Employ Robust Security Measures: Given that AMOS can evade detection by many antivirus engines, employing comprehensive security measures is crucial. Keep your antivirus software updated and consider using additional security tools.
  4. Educate Yourself and Your Team: Especially for small businesses, educating all team members about these kinds of threats is vital. Recognizing the signs of a fake update can prevent malware from infiltrating your network.

AMOS represents a significant threat to individual users and small businesses alike. By understanding how it operates and taking proactive steps to protect your devices, you can significantly reduce the risk of falling victim to this malicious software. Stay informed, stay cautious, and prioritize your digital security.
An ensemble of cyber guardian heroes, ready to use Prventi to join the global fight against cybercrime.

How would your company perform against a phishing attack? Get Prventi for free and find out.

Don’t wait for an attack. Prepare your business with Prventi’s phishing simulation and innovative cybersecurity training.

No credit card required.