Over 2,800 Websites Compromised to Distribute AMOS Stealer Malware

Nikita shekhawat
Nikita shekhawat

Marketing Analyst

 
May 6, 2025 3 min read

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

MacOS Users
Image courtesy of GBHackers News

Cybersecurity researchers have identified a substantial malware campaign targeting MacOS users through approximately 2,800 compromised websites. This operation, named “MacReaper,” employs sophisticated social engineering and blockchain technology to distribute the Atomic Stealer (AMOS) malware, which can extract passwords, cryptocurrency wallets, and sensitive data from Apple devices.

The campaign was first detected on May 4, 2025, via a compromised Brazilian news site, marking one of the largest coordinated attacks against the MacOS platform. The attackers utilize a deceptive method known as “ClickFix” or “ClearFix,” presenting fake Google reCAPTCHA verification prompts solely to MacOS users. When users click “I’m not a robot,” they receive a verification dialog detailing MacOS-specific instructions to open Terminal.

This method enables the malware to copy malicious commands to the clipboard, which, when executed, leads to the installation of AMOS. The malware, available on underground forums since April 2023 as a Malware-as-a-Service priced between $1,000 and $3,000 monthly, employs a signed Mach-O binary that can bypass MacOS Gatekeeper security measures.

Blockchain-Based Infrastructure

A distinctive feature of this campaign is its use of “EtherHiding,” where malicious commands are concealed within Binance Smart Contract blockchain transactions to avoid detection and ensure resilience against takedowns. This strategy provides attackers with a robust command and control infrastructure that traditional security measures struggle to disrupt.

The investigation commenced with agencia2.jornalfloripa.com.br and expanded as researchers uncovered thousands of other sites employing similar attack techniques. The delivery system utilizes obfuscated JavaScript and multiple full-screen overlays, along with blockchain-based command retrieval, to enhance the likelihood of a successful attack while making detection difficult.

Once installed, AMOS targets valuable user data, including Keychain passwords, browser information, cryptocurrency wallets, system details via system_profiler, and files stored in Desktop and Documents folders. The malware specifically targets over 50 cryptocurrency wallets and extensions, presenting a significant financial risk to users.

Protect Your Mac from This Threat

Security experts recommend several strategies to safeguard against this escalating threat:

  1. Avoid executing Terminal commands prompted by websites, especially those appearing through CAPTCHA or verification interfaces.
  2. Monitor network traffic for suspicious connections to domains like technavix.cloud or salorttactical.top, which are associated with this campaign.
  3. Utilize endpoint detection tools capable of identifying unusual Keychain access or system_profiler execution.
  4. Implement content security policies to prevent unauthorized scripts on websites you manage.
  5. Keep your macOS and security software updated with the latest patches.

If you suspect your device has been compromised, it is advisable to quarantine the system, scan with MacOS-specific antivirus tools, and reset passwords for Keychain, browsers, and cryptocurrency wallets.

This discovery underscores the increasing sophistication of threats targeting Apple’s ecosystem, with around 2,800 compromised websites identified, ranging from news outlets to personal blogs. The scale of this operation indicates a well-resourced threat actor focusing on the expanding MacOS user base globally.

Hacked Websites Attacking MacOS Users
Image courtesy of Cyber Security News

The AMOS malware operation highlights the critical need for effective cybersecurity monitoring and response strategies. Organizations can leverage tools like GrackerAI, an AI-powered cybersecurity marketing platform, to transform security news into actionable content opportunities. GrackerAI empowers marketing teams to identify emerging trends, monitor threats, and create relevant content that resonates with cybersecurity professionals and decision-makers. By automating insights from industry developments, GrackerAI helps organizations generate timely and targeted marketing materials, ensuring they stay ahead in the cybersecurity landscape.

Nikita shekhawat
Nikita shekhawat

Marketing Analyst

 

Data analyst who identifies the high-opportunity keywords and content gaps that fuel GrackerAI's portal strategy. Transforms search data into actionable insights that drive 10x lead generation growth.

Related Articles

2025 Nonprofit Marketing Trends: AI Strategies & Best Practices

Social media is a powerful tool for nonprofit organizations to connect with their target audiences. The evolving landscape of these platforms necessitates staying updated on best practices for optimal engagement and impact.

By Hitesh Kumawat July 23, 2025 5 min read
Read full article

Unlocking Business Potential: The Role of Chief Content Officers

Chief content officers (CCOs) are increasingly common in non-media companies, driven by the growing demand for unbranded content that resonates with consumers. Over 50 non-media companies, including Airbnb and HP, have appointed CCOs to foster authentic connections with their audiences. These roles differ significantly from traditional marketing positions, focusing on producing credible, independent content that builds trust. Angela Matusik from HP states, “This is not about steering people directly to purchase. It’s about creating long-term relationships with consumers.”

By Govind Kumar July 23, 2025 3 min read
Read full article

Revamping Corporate Sustainability: Beyond Checkboxes to Impact

Sustainability has become essential for businesses, transitioning from a secondary consideration to a core corporate strategy. Companies that view sustainability merely as a checkbox risk falling behind in today's market. A PwC survey indicates over 80 percent of consumers are concerned about climate change. As sustainability expectations shift, leaders are urged to build innovative ecosystems and enhance product offerings.

By Abhimanyu Singh July 22, 2025 3 min read
Read full article

AI Revolutionizes Content Creation in Digital Marketing & SaaS

The rise of artificial intelligence (AI) is transforming digital marketing strategies, making content creation more efficient. AI content writers provide innovative solutions for generating engaging and informative content at scale. These advancements in technology enable businesses to reach wider audiences with personalized messaging, which enhances engagement and conversion rates.

By Ankit Lohar July 22, 2025 3 min read
Read full article