AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A sophisticated campaign using typo-squatted 'Spectrum' domains has been uncovered, spreading a new Atomic macOS Stealer (AMOS) variant. The attack, disguised as a CAPTCHA verification, employs dynamic payloads based on the victim's operating system. For macOS users, a malicious shell script steals system passwords and downloads an AMOS variant. The script uses native macOS commands to harvest credentials, bypass security, and execute malicious binaries. Russian-language comments in the source code suggest involvement of Russian-speaking cybercriminals. The campaign's delivery sites show flawed logic, indicating hasty assembly. This multi-platform social engineering attack targets both consumer and corporate users, highlighting an increasing trend in cross-platform threats.
OPENCTI LABELS:
amos, social engineering, credential theft, typosquatting, clickfix, poseidon, dynamic payload, spectrum, multi-platform attack, macos stealer