Atomic macOS Infostealer’s New Backdoor Enables Persistent Access
Researchers have found the Atomic macOS Stealer (AMOS) now has an embedded backdoor allowing hackers to maintain persistent access to a victim’s Mac, run arbitrary tasks from remote servers, and gain extended control over compromised machines.
More info here: https://moonlock.com/amos-backdoor-persistent-access
Ensar Seker, CISO at threat intel company SOCRadar, commented:
“The evolution of AMOS into a dual-purpose threat, infostealer plus backdoor, marks a critical escalation in macOS-targeted malware. What makes this particularly concerning is the shift from quick data theft to long-term persistence and remote control, which dramatically increases the attacker’s dwell time and options. This is no longer just about stealing saved passwords; it’s about full-scale surveillance, data exfiltration, and even lateral movement into connected enterprise environments.
Given that AMOS is now only the second known backdoor operating at this scale on macOS, following a North Korean state-linked campaign, it signals that macOS is no longer flying under the radar. Enterprises with mixed-OS environments need to treat macOS endpoints as equally high risk and ensure EDR coverage, script execution controls, and user behavior monitoring are in place.”
This is a dangerous evolution of this malware, and one you should pay attention to. You can avoid becoming a victim by not downloading from unverified sources and by staying away from pirated software. In other words, good computer hygiene should keep you safe.
This entry was posted on July 9, 2025 at 3:49 pm and is filed under Commentary with tags Apple.