Security researchers track AMOS malware campaigns on macOS systems
  • AMOS relies on victims pasting and running malicious Terminal commands themselves
  • Sophos MDR identified ClickFix-style social engineering in a recent macOS attack
  • Nearly half of recent macOS infostealer reports involved AMOS, though Apple's built-in defences keep tightening

Atomic macOS Stealer, also known as AMOS, is a persistent threat to macOS security because it does not need a sophisticated zero-day vulnerability to compromise Apple devices.

Instead, this malware family repeatedly exploits ordinary user behaviour, tricking victims into pasting a single command into their own Terminal application.

A recent incident investigated by Sophos MDR showed exactly this pattern: a ClickFix-style ruse (a fake "fix this problem" prompt) persuaded the victim to copy a malicious one-liner and run it by hand.

AMOS relies on psychological manipulation rather than technical exploits

This approach has become increasingly common, with researchers noting similar social engineering tactics in several macOS information-stealing campaigns throughout 2025 and early 2026.

AMOS accounted for nearly 40% of the macOS protection updates Sophos deployed in 2025, more than double the rate of any other macOS malware family over the same period.

Additionally, nearly half of all macOS infostealer reports in the past three months involved AMOS or one of its close variants.

Security companies have been tracking this malware-as-a-service operation since at least April 2023, with notable campaigns including a variant dubbed SHAMOS reported by CrowdStrike in August 2025.


In December 2025, Huntress documented infections spreading via poisoned search results linked to ChatGPT and Grok conversations.

How the malware collects passwords and data

After the pasted Terminal command runs a bootstrap script, the malware immediately prompts the user for their macOS account password.

The script validates the entered credentials locally with a directory services command (dscl authentication) before storing the password in a hidden file named .pass in the user's home directory.

Once the password has been captured, AMOS downloads a secondary payload and strips its extended attributes, removing the quarantine flag that Gatekeeper relies on, so that macOS shows no security warning when the payload runs.

The stealer also checks whether it is running inside a virtual machine or sandbox by querying system_profiler output for strings such as QEMU, VMware, or KVM, and bails out if it finds them.

The malware then collects a wide range of sensitive information, including the macOS keychain database, Firefox and Chrome browser credentials, extension storage files, and local session tokens.

Some variants also deploy fake Ledger Wallet and Trezor Suite apps designed to steal cryptocurrency wallet seeds and credentials.

All collected files are compressed into a single archive with the ditto utility before being transmitted to attacker-controlled servers via curl POST requests.

To maintain long-term access, the malware installs a LaunchDaemon (the captured password gives it the root privileges this needs), ensuring it runs again after every reboot.
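The chain described above (a pasted one-liner, a password cached in ~/.pass, a de-quarantined second-stage payload, launchd persistence) leaves a handful of host artefacts that a responder can look for without any vendor tooling. The following script is an added example, not code from Sophos or from the article: it walks a directory laid out like a macOS volume and reports those artefacts. The account name alice, the launchd labels, the shell-history lines and the /tmp payload path are a constructed fixture, and the ClickFix pattern list is an assumption about what such one-liners tend to contain, not a published signature.

```python
"""Offline triage for the AMOS-style chain: ~/.pass, ClickFix history lines,
launchd jobs executing from user-writable paths. Example code; all sample data
below is constructed, not captured from a real infection."""
import plistlib
import re
import tempfile
from pathlib import Path

# Assumed markers of a pasted ClickFix one-liner: fetch-and-execute, inline
# base64 decoding, quarantine stripping, and AppleScript password prompts.
CLICKFIX_PATTERNS = [
    re.compile(r"curl\s+[^|]*\|\s*(ba|z)?sh"),
    re.compile(r"base64\s+(-d|--decode)"),
    re.compile(r"xattr\s+-(c|d\s+com\.apple\.quarantine)"),
    re.compile(r"osascript\s+-e"),
]

# launchd jobs that exec from these prefixes deserve a look on a managed Mac.
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")


def scan_pass_file(home: Path) -> list[str]:
    """The bootstrap script caches the validated password in ~/.pass."""
    p = home / ".pass"
    return [f"credential cache: {p}"] if p.is_file() else []


def scan_history(home: Path) -> list[str]:
    """Look through zsh/bash history for pasted fetch-and-run commands."""
    hits = []
    for name in (".zsh_history", ".bash_history"):
        h = home / name
        if not h.is_file():
            continue
        for line in h.read_text(errors="replace").splitlines():
            # zsh extended history prefixes each line with ": <epoch>:<dur>;"
            cmd = line.split(";", 1)[1] if line.startswith(": ") else line
            if any(p.search(cmd) for p in CLICKFIX_PATTERNS):
                hits.append(f"history {name}: {cmd.strip()}")
    return hits


def scan_launchd(dirs: list[Path]) -> list[str]:
    """Flag launchd jobs whose program lives in a user-writable location."""
    hits = []
    for d in dirs:
        if not d.is_dir():
            continue
        for plist in sorted(d.glob("*.plist")):
            try:
                job = plistlib.loads(plist.read_bytes())
            except Exception:
                hits.append(f"launchd {plist.name}: unparseable plist")
                continue
            args = [str(a) for a in job.get("ProgramArguments") or [job.get("Program", "")]]
            cmdline = " ".join(args)
            if args[0].startswith(USER_WRITABLE_PREFIXES) or any(
                p.search(cmdline) for p in CLICKFIX_PATTERNS
            ):
                hits.append(f"launchd {plist.name}: {cmdline}")
    return hits


def triage(root: Path, user: str) -> list[str]:
    """Run all three checks against a volume root and one account name."""
    home = root / "Users" / user
    daemons = [root / "Library" / "LaunchDaemons", home / "Library" / "LaunchAgents"]
    return scan_pass_file(home) + scan_history(home) + scan_launchd(daemons)


def _write_plist(path: Path, job: dict) -> None:
    with path.open("wb") as f:
        plistlib.dump(job, f)


def build_fixture() -> tuple[Path, str]:
    """Constructed sample volume: one flagged daemon, one benign, one ClickFix line."""
    root = Path(tempfile.mkdtemp())
    home = root / "Users" / "alice"
    (home / "Library" / "LaunchAgents").mkdir(parents=True)
    daemons = root / "Library" / "LaunchDaemons"
    daemons.mkdir(parents=True)
    (home / ".pass").write_text("hunter2\n")
    (home / ".zsh_history").write_text(
        ": 1700000000:0;ls -la\n"
        ": 1700000060:0;echo aGVsbG8= | base64 -d | bash\n"
        ": 1700000120:0;git status\n"
    )
    _write_plist(daemons / "com.example.update.plist",
                 {"Label": "com.example.update", "RunAtLoad": True,
                  "ProgramArguments": ["/tmp/.helper/update", "--silent"]})
    _write_plist(daemons / "com.apple.legit.plist",
                 {"Label": "com.apple.legit", "RunAtLoad": True,
                  "ProgramArguments": ["/usr/libexec/legit"]})
    return root, "alice"


if __name__ == "__main__":
    root, user = build_fixture()
    for finding in triage(root, user):
        print(finding)
```

On a live Mac you would call triage(Path("/"), "<account>") from a forensic shell, or point root at a mounted image. A hit on any single check is a lead rather than proof: a stray .pass file or a vendor agent installed under /Users can be benign, but the combination of a cached password, a fetch-and-decode history line and a launchd job executing from /tmp is the shape this campaign leaves behind.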

Despite the severity of AMOS, it is worth asking whether security vendors are exaggerating its novelty, given that infostealers have targeted Windows systems for nearly two decades.

The fact that the malware relies heavily on user consent (someone must paste and run a Terminal command, then type their password into a prompt) is a significant obstacle that technically literate users could easily avoid.

Additionally, Apple's continued improvements to Gatekeeper, XProtect, and notarization requirements could blunt the downloaded payloads after a few operating system updates, although none of those controls apply to a command the user types into Terminal themselves, which is precisely why the ClickFix lure exists.

The real danger may lie less in AMOS itself than in the uncomfortable truth that no platform is safe from users who ignore basic security warnings.
