Info Stealer

Atomic Stealer

First seen: 2023 • Status: active

Currently Active Threat

Atomic Stealer is a popular Mac password thief sold on Telegram that hunts for crypto wallets and saved passwords.

Overview

Atomic Stealer (AMOS) is a macOS information stealer sold through Telegram. It targets browser data, cryptocurrency wallets, and password managers.

Also Known As

AMOS, Atomic macOS Stealer

How It Spreads

  • Malvertising
  • Fake software updates
  • Cracked applications

What It Does

  • Browser credential theft
  • Crypto wallet extraction
  • Password manager targeting
  • Keychain access
  • File grabbing

Is your business exposed?

Target Platforms

macOS

Detection Tips

  • Monitor for AMOS indicators
  • Check for Keychain access
  • Analyze browser data theft
  • Review crypto wallet access

MITRE ATT&CK Techniques

T1555, T1539, T1005, T1189

If You're Infected

  1. 1.

    Remove Atomic Stealer

  2. 2.

    Reset all passwords

  3. 3.

    Move crypto to new wallets

  4. 4.

    Update password manager credentials

Related Malware

Poseidon, Banshee, Macstealer

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices