A new Mac-targeting infostealer malware called "Shamos", developed by "COOKIE SPIDER", is spreading through ClickFix attacks that trick users with fake troubleshooting guides. This malware steals sensitive data, including credentials, cryptocurrency wallets, and browser information, and has been detected in over 300 environments worldwide since June 2025. #Shamos #COOKIE_SPIDER
Keypoints
- Shamos is a variant of the Atomic macOS Stealer (AMOS) targeting Mac users.
- The malware is delivered through malicious ClickFix attacks via fake ads and repositories.
- Victims are tricked into executing shell commands that download and install Shamos.
- Once on a device, Shamos collects data like keychain items, browser info, and crypto wallets.
- The malware establishes persistence by creating plist files and can download additional payloads.