Atomic macOS Stealer includes a backdoor for persistent access
Atomic macOS Stealer (AMOS) has received a major update, now including an embedded backdoor for persistent access to victims' Macs. This upgrade allows attackers to maintain control, run remote tasks, and potentially achieve full system compromise. The Russia-affiliated AMOS threat group has expanded its capabilities, mimicking North Korean attack strategies. The malware is distributed through fake software websites and spear-phishing campaigns. It uses a trojanized DMG file to bypass Gatekeeper, installs persistence via LaunchDaemon, and communicates with command-and-control servers. The backdoor functionality significantly increases the risk to victims, turning one-time breaches into long-term compromises. AMOS campaigns have already affected over 120 countries, with the potential to access thousands of Mac devices worldwide.
Pulse ID: 687008ea5fb6ba9739b411f1
Pulse Link: https://otx.alienvault.com/pulse/687008ea5fb6ba9739b411f1
Pulse Author: AlienVault
Created: 2025-07-10 18:39:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
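
Because the pulse names LaunchDaemon persistence but gives no file names, a defender's first check is a generic audit of launchd job definitions. The sketch below is an added example, not code from the pulse or its author; the path prefixes, the review rules, and the two sample plists are constructed assumptions, not indicators for AMOS.

```python
import plistlib

# Assumed heuristic: system daemons rarely run code from these user-writable locations.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")

def audit_launchd_plist(data: bytes) -> list:
    """Return the reasons a launchd job definition deserves review (empty list = none)."""
    job = plistlib.loads(data)  # handles both XML and binary plists
    args = [a for a in (job.get("ProgramArguments") or []) if isinstance(a, str)]
    program = job.get("Program") or (args[0] if args else "")
    # Check the executable and every absolute path handed to it (e.g. a script run by bash).
    paths = [program] + [a for a in args if a.startswith("/")]
    reasons = []
    if any(p.startswith(USER_WRITABLE) for p in paths):
        reasons.append("runs code from a user-writable location")
    hidden = (part for p in paths for part in p.split("/")
              if part.startswith(".") and part not in (".", ".."))
    if any(hidden):
        reasons.append("references a hidden file or directory")
    # Auto-start only matters once something else already looks off.
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts at boot or is kept alive")
    return reasons

def _sample(label, args, **extra):
    """Build a constructed plist so the example runs offline."""
    return plistlib.dumps({"Label": label, "ProgramArguments": args, **extra})

# Constructed samples: one job launching a hidden script from a home directory,
# one ordinary vendor daemon installed under /Library.
SAMPLES = {
    "com.example.updater.plist": _sample(
        "com.example.updater",
        ["/bin/bash", "/Users/alice/.cache-helper/run.sh"],
        RunAtLoad=True, KeepAlive=True),
    "com.example.vendor.agent.plist": _sample(
        "com.example.vendor.agent",
        ["/Library/Application Support/Vendor/agentd", "--daemon"],
        RunAtLoad=True),
}

def audit_all(samples: dict) -> dict:
    """Map each plist name to its review reasons, omitting clean jobs."""
    results = {name: audit_launchd_plist(data) for name, data in samples.items()}
    return {name: why for name, why in results.items() if why}

if __name__ == "__main__":
    for name, why in audit_all(SAMPLES).items():
        print(f"{name}: {'; '.join(why)}")
```

On a Mac, the same function can be fed the bytes of each `*.plist` under `/Library/LaunchDaemons`; a hit is a prompt for manual review, not a verdict.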
