#1
#1 out of 191.59%
technology4h ago
Security researchers track AMOS malware campaigns across macOS systems
- AMOS macOS malware gains persistence after a user runs a malicious Terminal command, then installs a LaunchDaemon for auto re-emergence.
- Sophos MDR traced a ClickFix-style social engineering tactic that fooled a victim into executing a malicious line of code in Terminal.
- AMOS accounted for nearly 40% of macOS protection updates in 2025, more than any other macOS malware family.
- The attack harvests passwords and data from Keychain, browsers, and local tokens after grabbing the system password.
- AMOS checks for virtual machines or sandboxes to avoid analysis before exfiltrating data to attacker-controlled servers.
- AMOS uses social engineering rather than technical exploits, highlighting user behavior as the primary attack vector.
- Experts warn macOS infostealers are rising, with AMOS being a leading example across 2025 and 2026.
- AMOS can harvest keys and credentials from major browsers and crypto wallets, jeopardizing user security.
- AMOS delivers a bootstrapping script, then downloads a secondary payload to expand its capabilities.
- Apple's ongoing security improvements may limit AMOS effectiveness in future OS updates.
- The broader risk is user ignorance and consent, not just the malware’s technical sophistication.
Vote 0