Originally published on: August 23, 2024
The rise of the AMOS malware, known as “Atomic MacOS,” poses a significant risk to Mac users by targeting their crypto wallets. This malicious software has evolved with a dangerous new capability: it can clone wallet apps and steal users’ cryptocurrency.
Resurgence of AMOS Malware
Recently, cybersecurity firm Moonlock Lab uncovered a resurgence of AMOS malware being promoted through Google AdSense. The malware disguises itself as popular macOS applications such as Loom, Figma, Tunnelblick, and Callzy, without authorization from the app developers.
Discovery of AMOS Malware
Moonlock researchers stumbled upon the malware disguised as Loom. Upon clicking the ad, they were led to a fake version of the Loom website, which appeared identical to the original but served the treacherous AMOS stealer as its download instead.
Evolution and Capabilities of AMOS
Originally reported by cybersecurity firm Cyble in 2023, AMOS was sold as a subscription service to cybercriminals for $1,000 per month. It offers a range of features: AMOS can target various crypto wallets, steal wallet data, and potentially drain victims’ accounts by obtaining the encrypted keyvault file.
An Alarming Upgrade
Moonlock’s latest findings indicate that AMOS has been enhanced to replace specific crypto wallet apps with clones, including the Ledger Live software used by Ledger hardware wallet owners. This upgrade marks a significant advancement for the malicious program, allowing it to wipe out victims’ e-wallets with alarming ease.
Future Threats Posed by AMOS
The potential cloning of other apps, such as software wallets like MetaMask and Trust Wallet, hints at a concerning trend where AMOS could deceive users into sending crypto to attackers. Moonlock has suggested that this upgraded version of AMOS poses a substantial threat to Mac users relying on various crypto wallets.
Recommendations for Mac Users
Mac users operating crypto wallet software should exercise caution when downloading applications from ads, especially those distributed through Google AdSense. To verify website authenticity, users can search for the app’s name on a search engine to access official sources, as scammers often lack the domain authority to rank organically.
Stay Protected in the Digital Realm
As cybersecurity threats targeting crypto users persist, ensuring robust security measures and remaining vigilant against evolving malware like AMOS is imperative. The growing sophistication of malicious programs underscores the need for proactive defense strategies to safeguard digital assets effectively.
In summary, Mac users should remain wary of the AMOS malware’s insidious actions and take proactive steps to protect their cryptocurrency from such threats in the ever-evolving digital landscape.