CrowdStrike reports an increase in attacks targeting macOS users with a variant of the Atomic macOS Stealer (AMOS), called SHAMOS. The campaign used malvertising and fraudulent websites to trick users into executing malicious commands that steal credentials and other sensitive data. #AtomicMacOSStealer #SHAMOS #CookieSpider #macOSThreats
Key points
- CrowdStrike warns of a rise in macOS malware attacks involving the AMOS stealer variant, SHAMOS.
- The cybercriminal group Cookie Spider used malvertising to target victims through fake help websites.
- Attackers promoted fake advertisements for solutions to common macOS issues, tricking users into executing malicious scripts.
- SHAMOS malware can exfiltrate credentials, Keychain data, browser info, and cryptocurrency wallets, and can download additional payloads.
- The campaign targeted users across multiple countries and impersonated a legitimate electronics store in its advertisements.
Read More: https://www.securityweek.com/hundreds-targeted-in-new-atomic-macos-stealer-campaign/