A new version of the Atomic macOS info-stealer, known as "AMOS", now includes a backdoor for persistent remote access. This evolution enhances the malware's capabilities, allowing full system control and affecting users in over 120 countries. #AtomicStealer #AMOS #MacOSBackdoor #CyberThreats
Keypoints
- The updated Atomic stealer features a backdoor that grants attackers remote command execution on infected Macs.
- The malware uses LaunchDaemons and hidden scripts to maintain persistence across reboots.
- Cybercriminals have shifted from broad distribution to targeted phishing campaigns, especially toward cryptocurrency users.
- The backdoor can log keystrokes, execute payloads, and explore lateral movement within networks.
- macOS devices are increasingly becoming attractive targets for sophisticated malware campaigns like Atomic.
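
The persistence pattern named in the keypoints, a LaunchDaemon that starts a hidden script, can be audited from the defender's side by reviewing launchd job definitions. The sketch below is an added example, not code from the article or the research it summarizes; the sample labels, paths and the heuristic itself are constructed for illustration and are not indicators from this campaign.

```python
import glob
import plistlib
from pathlib import PurePosixPath

# Constructed sample plists; labels and paths are placeholders, not IoCs.
SAMPLE_SUSPICIOUS = plistlib.dumps({
    "Label": "com.example.placeholder",
    "ProgramArguments": ["/bin/bash", "/Users/alice/.hidden_script"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.vendor.updater",
    "ProgramArguments": ["/Library/Application Support/Vendor/updater", "--check"],
    "RunAtLoad": True,
})

# Assumption: system daemons rarely need to run code from these locations.
USER_WRITABLE_ROOTS = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")


def review_launchd_plist(raw: bytes) -> list:
    """Return the reasons a launchd job definition deserves a closer look."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    args = list(job.get("ProgramArguments") or [])
    if isinstance(job.get("Program"), str):
        args.insert(0, job["Program"])
    reasons = []
    for arg in args:
        if not isinstance(arg, str) or not arg.startswith("/"):
            continue  # only absolute paths are evaluated; flags are skipped
        if any(p.startswith(".") for p in PurePosixPath(arg).parts[1:]):
            reasons.append(f"hidden path component: {arg}")
        if arg.startswith(USER_WRITABLE_ROOTS):
            reasons.append(f"target in user-writable location: {arg}")
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return reasons


if __name__ == "__main__":
    # On a Mac, review the system-wide daemon directory.
    for path in sorted(glob.glob("/Library/LaunchDaemons/*.plist")):
        with open(path, "rb") as fh:
            for reason in review_launchd_plist(fh.read()):
                print(f"{path}: {reason}")
```

A hit is a lead for triage, not a verdict: compare flagged jobs against the software inventory for the host before acting on them.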