Why AMOS matters: The macOS malware stealing data at scale
ID: 37eac375-0763-5c8c-a9e2-72c5e3bd6263
STIX ID: report--37eac375-0763-5c8c-a9e2-72c5e3bd6263
Feed Name: Sophos Blogs
Sophos MDR reports on an active AMOS (Atomic macOS) infostealer campaign that leverages ClickFix-style social engineering to execute a bootstrap script, capture the victim's macOS password, deploy an elevated second-stage stealer, perform anti-analysis checks, harvest Keychain, browser and cryptocurrency credentials, archive and exfiltrate data to attacker-controlled C2 servers, and maintain persistence via LaunchDaemons; the report includes technical artifacts, example IOCs, MITRE ATT&CK mapping, and detection/prevention recommendations.
