Atomic macOS Stealer Comes With New Backdoor to Enable Remote Access

The Atomic macOS Stealer (AMOS) has undergone a significant evolution, transforming from a traditional information stealer into a sophisticated persistent threat capable of maintaining long-term access to compromised macOS systems. This development marks a critical escalation in the malware’s capabilities, enabling attackers to execute remote commands and deploy additional payloads beyond its original data theft functions.

The malware’s distribution strategy combines two primary attack vectors: websites offering cracked or counterfeit software and sophisticated spear-phishing campaigns targeting high-value individuals, particularly cryptocurrency holders and freelancers including artists. These phishing attacks often masquerade as legitimate job interview processes, deceiving victims into installing trojanized DMG files by requesting system passwords under the pretense of enabling screen-sharing software.

PolySwarm analysts identified that AMOS campaigns have already impacted over 120 countries, with the United States, France, Italy, the United Kingdom, and Canada experiencing the most significant activity.

The backdoor’s technical implementation demonstrates sophisticated persistence tactics designed to survive system reboots and evade detection. AMOS deploys a binary named .helper as a hidden file within the victim’s home directory, accompanied by a wrapper script called .agent that ensures continuous execution. The malware establishes persistence through a LaunchDaemon labeled com.finder.helper, installed via AppleScript using stolen user credentials for elevated privileges.

To avoid detection during analysis, AMOS employs string obfuscation techniques and actively checks for sandbox or virtual machine environments using the system_profiler command, ensuring operational security during deployment and execution phases.
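The persistence chain described above lends itself to a simple host triage check. The following Python script is an added example, not code from the article, PolySwarm or Moonlock: it scans launchd job directories for a plist carrying the com.finder.helper label, scans user home directories for the hidden .helper and .agent files, and, as a broader heuristic that goes beyond the two named indicators, flags any launchd job whose program path is a dotfile directly under a user's home directory. Directory paths are parameters so the scan can run against a mounted forensic image; the sample tree it builds in a temporary directory is constructed for the demonstration and holds placeholder files, not malware.

```python
"""Triage helper for the AMOS persistence artefacts described in the article.

Added example, not the article's or any vendor's code. Indicators used:
  * a launchd job with Label com.finder.helper
  * hidden files ~/.helper and ~/.agent
  * (heuristic) any launchd job whose program is a dotfile directly in a home dir
"""
import os
import plistlib
import tempfile
from pathlib import Path

SUSPECT_LABEL = "com.finder.helper"          # LaunchDaemon label named in the article
SUSPECT_HIDDEN_NAMES = (".helper", ".agent")  # hidden home-directory files named in the article

# Default live-system locations; pass other paths to scan a mounted image.
DEFAULT_LAUNCH_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents")
DEFAULT_HOME_ROOTS = ("/Users",)


def _program_paths(job):
    """Every path a launchd job could execute: Program plus ProgramArguments."""
    paths = []
    if isinstance(job.get("Program"), str):
        paths.append(job["Program"])
    args = job.get("ProgramArguments")
    if isinstance(args, list):
        paths.extend(a for a in args if isinstance(a, str))
    return paths


def _is_hidden_home_path(path, home_roots):
    """True when path is a dot-prefixed file directly under <root>/<user>/."""
    p = Path(path)
    if not p.name.startswith("."):
        return False
    return any(p.parent.parent == Path(root) for root in home_roots)


def scan_launch_dirs(launch_dirs, home_roots):
    """Return (kind, plist_path, detail) tuples for suspicious launchd jobs."""
    findings = []
    for d in launch_dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for plist_path in sorted(d.glob("*.plist")):
            try:
                with plist_path.open("rb") as fh:
                    job = plistlib.load(fh)
            except Exception:  # unreadable or malformed plist: skip, not an indicator
                continue
            if not isinstance(job, dict):
                continue
            if job.get("Label") == SUSPECT_LABEL:
                findings.append(("launchd_label", str(plist_path), f"Label={SUSPECT_LABEL}"))
            for prog in _program_paths(job):
                if _is_hidden_home_path(prog, home_roots):
                    findings.append(("launchd_hidden_program", str(plist_path), prog))
    return findings


def scan_home_dirs(home_roots):
    """Return (kind, file_path, detail) tuples for the named hidden files."""
    findings = []
    for root in home_roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for home in sorted(p for p in root.iterdir() if p.is_dir()):
            for name in SUSPECT_HIDDEN_NAMES:
                candidate = home / name
                if candidate.is_file():
                    mode = "executable" if os.access(candidate, os.X_OK) else "not executable"
                    findings.append(("hidden_home_file", str(candidate), mode))
    return findings


def hunt(launch_dirs=DEFAULT_LAUNCH_DIRS, home_roots=DEFAULT_HOME_ROOTS):
    return scan_launch_dirs(launch_dirs, home_roots) + scan_home_dirs(home_roots)


def build_sample_tree(base):
    """Constructed sample filesystem (placeholder files, not malware) mirroring
    the artefacts the article describes, plus one benign job for contrast."""
    base = Path(base)
    daemons = base / "Library" / "LaunchDaemons"
    home = base / "Users" / "victim"
    daemons.mkdir(parents=True)
    home.mkdir(parents=True)
    (home / ".helper").write_bytes(b"placeholder, not a real Mach-O binary")
    (home / ".agent").write_text("#!/bin/sh\n# constructed placeholder wrapper\n")
    (home / ".agent").chmod(0o755)
    with (daemons / "com.finder.helper.plist").open("wb") as fh:
        plistlib.dump({"Label": SUSPECT_LABEL, "RunAtLoad": True, "KeepAlive": True,
                       "ProgramArguments": [str(home / ".agent")]}, fh)
    with (daemons / "com.example.backup.plist").open("wb") as fh:  # benign control
        plistlib.dump({"Label": "com.example.backup",
                       "ProgramArguments": ["/usr/local/bin/backup", "--daily"]}, fh)
    return str(daemons), str(base / "Users")


def run_sample():
    """Build the constructed tree in a temp dir and hunt over it."""
    with tempfile.TemporaryDirectory() as tmp:
        launch_dir, users_dir = build_sample_tree(tmp)
        return hunt([launch_dir], [users_dir])


if __name__ == "__main__":
    for kind, path, detail in run_sample():
        print(f"{kind:24} {path}  ({detail})")
```

On a live Mac, `hunt()` with its defaults reads the system-wide launchd directories and the home directories under /Users; per-user jobs in ~/Library/LaunchAgents are not covered and can be added to the launch directory list. A label match alone is weak evidence, since labels are trivially renamed, which is why the dotfile-in-home heuristic is included alongside the named indicators.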

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Jul 2025 20:30:21 +0000
