Updated AMOS malware gains persistent backdoor

Infosecurity Magazine reports that Atomic macOS Stealer, or AMOS, malware has once again been updated to include a backdoor enabling persistence, arbitrary command execution, and prolonged device takeovers.

The latest variant of AMOS has been distributed through malicious websites with bogus and pirated software or through spear-phishing emails. It initially runs the AppleScript payload before activating new logic for persistence within the installBot function, an analysis from Moonlock researchers revealed. Despite the integration of a backdoor into its latest iteration, AMOS malware was observed to still lag behind more advanced North Korean implants that use multiple commands to facilitate more extensive compromise. However, such features could also be adopted by AMOS developers. "The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats. What was once a smash-and-grab data theft tool is now evolving into a platform for persistent access to a victim's Mac," said Moonlock researchers.
