Malicious macOS Apps and AI Chat Platforms Used to Distribute AMOS Malware
Attackers are distributing a fake version of the 'Dynamic Island for Mac' app, which mimics the legitimate application's branding and even reuses its demo video to deceive users. The malicious installer, distributed as a .dmg file (notably named DynamicLake.dmg), instructs users to drag files into the Terminal—a behavior not present in the authentic app. Security firm Jamf has analyzed this malware variant, and affected users have reported difficulties in removing the infection, while abuse reports to platforms like YouTube have so far been ineffective.
Separately, cybercriminals are leveraging trusted AI chat platforms such as ChatGPT and Grok to spread the Atomic macOS Stealer (AMOS) malware. By using SEO poisoning, attackers manipulate search results to direct users to seemingly legitimate AI-hosted guides, which instruct them to run malicious code in the macOS Terminal. This code captures the user's password and installs AMOS, which targets cryptocurrency wallets and harvests sensitive data. Both campaigns exploit user trust in familiar brands and platforms, using social engineering to bypass traditional security defenses and infect macOS systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Users report infections from the fake app as takedown efforts stall
Several users reported being affected after installing the impersonating app, confirming real-world victimization. The legitimate developer also said abuse reports to Google and YouTube had not resulted in the fraudulent content being removed.
Cybercriminal campaign uses fake 'Dynamic Island for Mac' app to spread malware
A malicious actor created and distributed a fake version of the legitimate 'Dynamic Island for Mac' app, copying its branding and reusing the developer's demo video on YouTube to deceive users. The fake installer was distributed as 'DynamicLake.dmg' and prompted users to drag files into Terminal, behavior the real app does not require.
Jamf publishes analysis of a new macOS malware variant
Jamf released technical analysis of a malware variant tied to a fake macOS app distributed as a DMG and abusing Terminal-based installation steps. The reporting indicates the malware was being used to target Mac users through impersonation of legitimate software.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AMOS Mac Malware Spreads via Fake Ads and Trojanized macOS Downloads
Researchers reported multiple campaigns distributing macOS infostealers tied to the **AMOS/AtomicStealer** ecosystem, a malware-as-a-service operation that steals credentials, browser data, cryptocurrency wallets, Apple Notes, files, and **Keychain** material from macOS Catalina and newer systems on Intel, M1, and M2 devices. Earlier reporting on related macOS stealers showed operators relying on social engineering, unsigned DMG files, and password prompts to collect sensitive data, package it into archives, and exfiltrate it to command-and-control servers, with some activity also summarized to Telegram channels. More recent campaigns used **malvertising** and fake software or troubleshooting pages to lure users into running Terminal commands that fetched an AMOS variant known as **"malext"**. Investigators said the malware used obfuscated shell commands, `osascript`, quarantine removal, anti-VM and sandbox checks, and in some cases installed persistence through a LaunchDaemon and helper scripts, while also trojanizing Ledger and Trezor applications and capturing administrator passwords. Reporting also linked AMOS delivery to fake **CleanMyMac** sites and AI-themed lures, indicating operators are rapidly rotating ad accounts and adapting infection vectors to broaden theft and remote access on macOS systems.
May 25, 2026
Weaponized DMG Installers Spread macOS Infostealers Including AMOS
Threat actors are increasingly using weaponized `.dmg` files disguised as legitimate macOS software installers to deliver infostealer malware, with campaigns relying heavily on social engineering to convince users to bypass Apple Gatekeeper and other trust prompts. Researchers said the malware typically focuses on rapid collection and exfiltration rather than persistence, stealing browser credentials, cookies, authentication tokens, Apple Keychain data, macOS passwords, and cryptocurrency wallet information from infected systems. Multiple macOS stealer families have been tied to the tactic, including **Atomic macOS Stealer (AMOS)**, Poseidon, Odyssey, and MacSync. AMOS in particular has been marketed as malware-as-a-service and distributed through malvertising, SEO poisoning, fake download pages, social media ads, GitHub-hosted binaries, open directories, poisoned search results, and piracy forums while impersonating popular apps such as Notion, Trello, Arc, Slack, Todoist, and CleanMyMac X. Defenders were urged to monitor suspicious DMG mount activity in `/Volumes`, inspect hidden `.background` directories, use OCR on installer graphics, unmount suspicious disk images quickly, and restrict software installation to legitimate, Apple-verified sources outside unofficial or cracked-software channels.
Jun 16, 2026
Malware Campaigns Leveraging AI Chat Platforms for Credential and Crypto Theft
Threat actors have launched sophisticated malware campaigns that exploit legitimate AI chat platforms, such as ChatGPT and Grok, to deliver malicious code to unsuspecting users. By using SEO poisoning and sponsored Google search results, attackers redirect users searching for common macOS troubleshooting tips to fake shared chat links on these AI platforms. These chats appear to offer helpful system instructions but actually embed obfuscated, base64-encoded commands that, when executed, install multi-stage malware. The infection process often involves social engineering tactics, such as prompting users to enter their system password under the guise of credential verification, which is then used to escalate privileges and deploy the main malware payload. Security researchers have identified the malware as variants of information stealers, including Shamus and AMOS, which are capable of stealing credentials and cryptocurrency, and employ advanced evasion techniques like multi-layered encoding and custom decoders to avoid detection. This attack method is particularly effective because it leverages the inherent trust users place in well-known AI brands and their official domains, bypassing traditional safety checks. The campaigns highlight a growing trend in cybercrime where legitimate AI tools are weaponized to facilitate malware delivery, making detection and prevention more challenging. Security analysts emphasize the need for increased vigilance when interacting with AI-generated content, especially when prompted to execute system commands, and recommend enhanced monitoring for suspicious activity originating from AI platform interactions.
Mar 21, 2026