Atomic macOS Stealer Malware Introduces a New Backdoor

The Atomic macOS Stealer (AMOS) malware has introduced a new persistent backdoor installation feature, posing a significant security threat to Mac users. Initially released in 2023, AMOS quickly gained popularity among cybercriminals looking to extract sensitive data from infected Macs. Following its success, a new variant emerged in 2024, and a 2025 update has escalated the risks for victims.

Recent findings by Moonlock, a cybersecurity division of MacPaw, reveal that this updated version includes a major change: a built-in backdoor. It remains uncertain whether the backdoor was added by the original developer or comes from a modified version of the malware, but it undeniably heightens the malware’s danger. Moonlock considers this iteration the most severe threat posed by AMOS to date.

In earlier versions, AMOS primarily siphoned user data and cryptocurrency wallet information, relaying it to cybercriminals. The introduction of a backdoor means that attackers can potentially gain full control over the affected systems, leading to far-reaching damage. Notably, the inclusion of a backdoor is rare in macOS malware, being only the second known instance globally, following similar exploits attributed to North Korea.

AMOS functions by embedding itself within seemingly innocuous applications. It is distributed through fake software websites and spear phishing attacks targeting individuals with substantial cryptocurrency assets. During these phishing attempts, victims are often misled into enabling screen sharing, allowing the malware to infiltrate their systems undetected.

After installation, AMOS actively collects passwords and seed phrases while maintaining a persistent backdoor to await remote commands. The setup process employs social engineering tactics to bypass Apple’s security measures. While the backdoor enhances AMOS’s capabilities, its sophistication pales in comparison to other advanced threats, suggesting that its developers are only beginning to explore this new avenue.

To protect against AMOS, users should prioritize good digital hygiene, such as avoiding downloads from untrusted sources and steering clear of pirated software. Utilizing the Mac App Store can further mitigate risk due to Apple’s stringent checks. Awareness of potential phishing schemes, especially during job interviews, is also crucial in safeguarding personal data and device integrity.

10 July 2025

