2026-06-09 (TUESDAY): ATOMIC MACOS (AMOS) STEALER INFECTION

NOTICE:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

ASSOCIATED FILES:

• 2026-06-09-IOCs-from-AMOS-infection.txt.zip   2.1 kB   (2,090 bytes)
• 2026-06-09-AMOS-infection-traffic.pcap.zip   11.3 MB   (11,271,833 bytes)
• 2026-06-09-AMOS-files.zip   3.8 MB   (3,841,425 bytes)

 

IMAGES

Shown above: Malicious ad leading to page for AMOS Stealer.

 

Shown above: Information on the advertiser of the ad.

 

Shown above: Fake Homebrew (Brew) page.

 

Shown above: Text from the fake Brew page pasted into a terminal Window.

 

Shown above: Content of the \tmp directory after running the above script. The starter file shows the location of the persistent malware.

 

Shown above: Directory with the persistent AMOS Stealer malware.

 

Click here to return to the main page.