One of the Biggest Security Threats to Apple Systems Just Got a Major Upgrade: What We Know

The macOS ecosystem has been facing an increasing threat from a highly sophisticated malware known as Atomic Stealer (AMOS), which has just received a significant upgrade, experts have warned. According to MacPaw's cybersecurity arm, Moonlock, the new version of AMOS boasts a backdoor that enables persistent access and survives reboots, making it even more formidable.

The news comes courtesy of an independent researcher with the alias g0njxa, who tipped off Moonlock about the upgraded malware. This latest development has raised concerns among cybersecurity experts, who believe that the backdoored version of AMOS now has the potential to gain full access to thousands of Mac devices worldwide.

AMOS has been a persistent threat in the macOS ecosystem for years, establishing itself as a go-to stealer malware used in numerous major hacking campaigns. It has been capable of extracting a wide range of data, including browser-stored passwords and keychains, autofill data, cryptocurrency wallet information, system data, and various files. Moreover, it was able to bypass macOS protections, tricking Gatekeeper and other security features.

AMOS has been sold as MaaS (malware-as-a-service) on underground forums and distributed via fake apps and malicious websites. Its impact has been significant: the malware campaigns have already reached over 120 countries, with the United States, France, Italy, the United Kingdom, and Canada among the most affected.

Experts are warning that this latest upgrade makes AMOS an even more significant threat to Apple systems. As one researcher noted, "The new backdoor in AMOS allows it to deploy any other malware on the compromised device, making it a highly versatile tool for attackers."

AMOS was last seen in early June 2025, when Russian threat actors used the popular ClickFix method to deploy it against their targets. In early January, software developer Ryan Chenkie spotted a malicious campaign on Google promoting a fake version of Homebrew, an open-source package manager for macOS and Linux. The fake was, in fact, AMOS.

With this latest upgrade, it's clear that AMOS is becoming increasingly sophisticated and difficult to detect. As the threat landscape continues to evolve, it's essential for Apple users to remain vigilant and take necessary precautions to protect themselves against such malware.

Protect Yourself from AMOS

While we can't predict with certainty when or where the next AMOS campaign will strike, there are steps you can take to reduce your risk. Here are some tips:

  • Keep your operating system and software up-to-date.
  • Use strong, unique passwords for all accounts.
  • Avoid suspicious links and attachments from unknown sources.
  • Use reputable antivirus software to scan your device regularly.

By staying informed and taking these precautions, you can significantly reduce the risk of falling victim to AMOS or any other malware. Stay safe online!
