216.73.217.139

An Analysis of the AMOS Stealer Campaign Targeting macOS via 'Cracked' Apps

· Published 04/09/2025 17:54 · Modified 04/09/2025 21:44

Export JSON

Essential information

Published
04/09/2025 17:54
Modified
04/09/2025 21:44
Tags
2025-09-04 amos atomic macos stealer cracked apps data exfiltration gatekeeper bypass macos persistence social engineering stealer
Related entities
9 techniques (mitre)

Description

This analysis examines a campaign distributing (), targeting users through fake 'cracked' applications. Attackers use two main delivery methods: malicious .dmg installers and terminal commands that bypass Gatekeeper protection. employs rotating domains to evade detection and steals a wide range of sensitive data, including credentials, browser information, cryptocurrency wallets, and system files. The campaign demonstrates sophisticated tactics, adapting to security improvements and leveraging . The report emphasizes the importance of comprehensive endpoint detection, user education, and defense-in-depth strategies to combat such threats.

External references