
New AMOS Stealer campaign taps bogus podcast invites


Widely known Web3 podcast Empire has been exploited to compromise cryptocurrency developers and influencers with the Atomic macOS Stealer malware, also known as AMOS, as part of a new phishing campaign, reports HackRead.

Malicious interview invites purporting to be from Empire podcast hosts and producers have been sent by attackers via social media DMs, with targets then lured to click links to the StreamYard or Huddle platforms for the interview, findings from the Bitso Quetzal Team revealed.

However, such links redirect to a phishing website displaying an error that requires the download and installation of a DMG installer impersonating either application, the completion of which results in AMOS Stealer compromise.

Further analysis showed that the DMG installer invokes a Base64-obfuscated Bash script, then deobfuscates encoded content with a Perl-based XOR step, and eventually launches the AMOS Stealer.
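A static triage check for the loader chain described above, added here as an example and not taken from HackRead or the Bitso Quetzal Team analysis. It peels nested Base64 layers out of a script extracted from an installer and reports decode, Perl XOR and execute indicators per layer without running anything; the indicator patterns, function names and the inert sample script are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic indicators for the described chain (assumed patterns, not
# signatures published by the researchers).
INDICATORS = {
    "base64-decode": re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b"),
    "perl-xor": re.compile(r"\bperl\b[^\n]*\^"),
    "exec-decoded": re.compile(r"\|\s*(?:ba|z)?sh\b|\beval\b"),
}
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
MAX_DEPTH = 4  # stop peeling after a few nested layers


def triage(text, depth=0):
    """Return sorted (layer, indicator) pairs found in text and in any
    Base64 literals it embeds. Nothing is executed."""
    hits = {(depth, name) for name, rx in INDICATORS.items() if rx.search(text)}
    if depth < MAX_DEPTH:
        for blob in B64_LITERAL.findall(text):
            try:
                inner = base64.b64decode(blob, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not Base64-encoded text; binary or a false match
            hits |= set(triage(inner, depth + 1))
    return sorted(hits)


def is_suspicious(text):
    """Flag scripts that decode hidden content and also XOR or execute it."""
    names = {name for _, name in triage(text)}
    return "base64-decode" in names and bool(names & {"perl-xor", "exec-decoded"})


# Constructed sample: an inert inner script wrapped in one Base64 layer.
INNER = "echo placeholder | base64 -d | perl -e 'print $x ^ $k' > /dev/null\n"
SAMPLE = 'echo "%s" | base64 -d | bash\n' % base64.b64encode(INNER.encode()).decode()

if __name__ == "__main__":
    for layer, name in triage(SAMPLE):
        print(f"layer {layer}: {name}")
    print("suspicious:", is_suspicious(SAMPLE))
```

Layer 0 is the script as found on disk; higher layers are content recovered from embedded Base64 literals, which is where the Perl XOR indicator appears in the sample.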

Such a development comes after the discovery of a spear-phishing scheme against cryptocurrency executives that involved CoinMarketCap journalist impersonation.
