
Atomic macOS Stealer includes a backdoor for persistent access

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Atomic macOS Stealer (AMOS) has received a major update and now includes an embedded backdoor for persistent access to victims' Macs. This upgrade allows attackers to maintain control, run remote tasks, and potentially achieve full system compromise. The Russia-affiliated AMOS threat group has expanded its capabilities, mimicking North Korean attack strategies. The malware is distributed through fake software websites and spear-phishing campaigns. It uses a trojanized DMG file to bypass Gatekeeper, installs persistence via a LaunchDaemon, and communicates with command-and-control servers. The backdoor functionality significantly increases the risk to victims, turning one-time breaches into long-term compromises. AMOS campaigns have already affected over 120 countries, with the potential to access thousands of Mac devices worldwide.

OPENCTI LABELS:

backdoor, command-and-control, amos, macos, data exfiltration, spear-phishing, cryptocurrency, atomic macos stealer, persistent access

