#amos


Atomic macOS Stealer includes a backdoor for persistent access

Atomic macOS Stealer (AMOS) has received a major update, now including an embedded backdoor for persistent access to victims' Macs. This upgrade allows attackers to maintain control, run remote tasks, and potentially gain full system compromise. The Russia-affiliated AMOS threat group has expanded its capabilities, mimicking North Korean attack strategies. The malware is distributed through fake software websites and spear-phishing campaigns. It uses a trojanized DMG file to bypass Gatekeeper, installs persistence via LaunchDaemon, and communicates with command-and-control servers. The backdoor functionality significantly increases the risk to victims, turning one-time breaches into long-term compromises. AMOS campaigns have already affected over 120 countries, with the potential to access thousands of Mac devices worldwide.

Pulse ID: 687008ea5fb6ba9739b411f1
Pulse Link: otx.alienvault.com/pulse/68700
Pulse Author: AlienVault
Created: 2025-07-10 18:39:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#AMOS #Atomic #BackDoor

[related]
⬇️
"Atomic macOS infostealer adds backdoor for persistent attacks"
"AMOS malware campaigns have already reached over 120 countries, with the United States, France, Italy, the United Kingdom, and Canada among the most affected," the researchers say.

"The backdoored version of Atomic macOS Stealer now has the potential to gain full access to thousands of Mac devices worldwide."
👇
bleepingcomputer.com/news/secu

Fresh specimen, ClickFix on the way in as always, AMOS stealer on the way out...
⬇️
👀
👇
bazaar.abuse.ch/sample/45ee30e
⬇️
virustotal.com/gui/file/45ee30

#CyberVeille
#macos
#malware
#infostealer
#amos

Hiding in GitHub

An AMOS malware campaign has been discovered utilizing GitHub repositories to distribute malicious files. The attackers created a fake Ledger Live app that prompts users to enter their secret phrases, which are then exfiltrated. The malware uses obfuscation techniques, including base64 encoding and custom XOR operations. The campaign targets cryptocurrency users, specifically those using hardware wallets. The malware is distributed through DMG files and ZIP archives, containing both x64 and ARM64 versions of AMOS. The attackers use multiple domains for command and control, and the malware performs checks to detect virtual environments.

Pulse ID: 6855b5c3b1b7afa76a4cd25d
Pulse Link: otx.alienvault.com/pulse/6855b
Pulse Author: AlienVault
Created: 2025-06-20 19:25:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


AMOS macOS Stealer Hides in GitHub With Advanced Sophistication Methods

Pulse ID: 685085014bb036e624756f91
Pulse Link: otx.alienvault.com/pulse/68508
Pulse Author: cryptocti
Created: 2025-06-16 20:56:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


AMOS macOS Stealer Hides in GitHub With Advanced Sophistication Methods

A new AMOS macOS stealer variant shows advanced use of obfuscation and deceptive delivery methods.

Pulse ID: 684f18312fe17fb24bd30465
Pulse Link: otx.alienvault.com/pulse/684f1
Pulse Author: cryptocti
Created: 2025-06-15 19:00:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Well, interesting: a new specimen of the 💀 Atomic Stealer (AMOS) malware for macOS has been submitted to @abuse_ch
👇
bazaar.abuse.ch/sample/748c52e

VT sandbox
👇
virustotal.com/gui/file/748c52

This infostealer is spread through "ClickFix"-style social engineering to push the user into installing a fake "Text Editor Pro 2720" app on their Mac.

A perfect example of a guided social-engineering chain that bypasses automated protections by walking the user through the steps and having them actively copy and paste, combined with a shell script that goes after root privileges.