The journey into Mac OS infostealers
ID: f12f2755-4c05-5242-9ecf-5e1d34d400f0
STIX ID: report--f12f2755-4c05-5242-9ecf-5e1d34d400f0
Feed Name: infostealers.com
This investigative timeline summarizes the evolution of Mac OS infostealers from the early 0xFFF/OSx Stealer through the AMOS fork and the subsequent Poseidon, Cthulhu and Banshee variants. It documents developer interactions, marketplace sales and exit scams, and operational details (DMG installers, Gatekeeper workarounds, Telegram/AnonFiles exfiltration). The report highlights active criminal use targeting browser credentials and cryptocurrency wallets, developer disputes and source-code trades, and the consolidation of AMOS as the primary Mac infostealer in the market.
