Amos Stealer Targets macOS Keychain Files and Browser Passwords
ID: 025c70d4-bf2c-59a7-ab3d-5afe7373eadf
STIX ID: report--025c70d4-bf2c-59a7-ab3d-5afe7373eadf
Feed Name: HackRead
Amos Stealer is an active macOS-focused infostealer distributed via deceptive downloads and social engineering; it silently uses native utilities (curl -fsSL, AppleScript, ditto, OpenSSL) to collect Keychain data, browser credentials and developer files, compress and chunk the data, then exfiltrate via HTTP PUT to an attacker-controlled domain (bestbuydomain.com) with retry and cleanup behavior. CyberProof recommends enforcing Gatekeeper policies and monitoring for unusual curl commands to detect and block the campaign.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
