AMOS (Atomic macOS) malware, which can steal cryptocurrency, now has the ability to clone crypto wallets, making it even more dangerous for Mac users. According to a report by Moonlock Lab dated Aug. 5, AMOS has resurfaced and is now being advertised through Google AdSense.
AMOS Resurgence Through Ads
Moonlock Lab discovered AMOS through Google AdSense ads in which it masqueraded as popular macOS programs such as Loom, Figma, the Tunnelblick VPN client, and Callzy. None of the developers of these apps authorized the fake AMOS versions. Moonlock researchers encountered the malware when they tried to download Loom but were redirected to smokecoffeeshop.com, which in turn redirected them to a fake Loom website. The site looked exactly like the genuine one, but the download button delivered a complex version of the AMOS stealer instead of the legitimate Loom software.
New Threats: Wallet Cloning and Ledger Live Replacement
AMOS has been known since at least April 2023, when Cyble disclosed its sale on Telegram for $1,000 per month. Initially, the malware could target over 50 different crypto wallets, including Electrum, MetaMask, Coinbase, and more. AMOS has since been upgraded and can now replace legitimate wallet apps with clones. For instance, it can clone Ledger Live to show deceptive information, leading users to inadvertently send their crypto to attackers. Moonlock highlights this as a significant enhancement, presenting a major threat to Ledger users.
Precautions for Mac Users
Mac users who run crypto wallet software should be particularly cautious when downloading programs through ads. AMOS spreads via Google AdSense, posing as popular software. If uncertain about a website's authenticity, it's better to search for the official app website through organic search results. Google's filters attempt to block such malware advertisements, but they are not entirely foolproof. Crypto wallets and exchanges remain prime targets for malware, a fact reaffirmed by recent findings from Check Point Research and Kaspersky Labs.
AMOS malware represents a serious threat for Mac users, especially those using crypto wallets. The new capabilities to clone wallets and replace apps amplify the dangers of this malicious software. Users need to be vigilant while downloading software from the internet.