A new cyber campaign targets macOS developers with fake sites impersonating platforms like Homebrew, LogMeIn, and TradingView, delivering infostealing malware such as AMOS and Odyssey. The attackers use convincing fake sites and Terminal commands to trick users into installing malicious payloads. #AMOS #OdysseyStealer
Keypoints
- The campaign employs "ClickFix" tactics to persuade targets to run malicious commands in Terminal.
- Over 85 domains impersonate popular platforms like Homebrew, LogMeIn, and TradingView to distribute malware.
- The malware collects sensitive data, including browser credentials, cryptocurrency info, and personal files.
- AMOS malware now includes backdoor features for remote attacker access and is offered as a subscription costing $1,000/month.
- Odyssey Stealer targets credentials, cookies, and wallet extensions across multiple browsers and sends data to C2 servers.