Atomic macOS Stealer (AMOS)
Also known as: AMOS, Atomic Stealer
Atomic macOS Stealer (AMOS) is an infostealer targeting Apple macOS systems. It steals keychain passwords, browser credentials and cookies, and cryptocurrency wallets, and is notable for proving that the infostealer-as-a-service model extends well beyond Windows.
What is Atomic macOS Stealer?
Atomic macOS Stealer, commonly abbreviated AMOS, is a malware-as-a-service infostealer built specifically for macOS. Its emergence challenged the assumption that infostealers are a Windows-only problem.
How AMOS works
AMOS typically arrives via malicious DMG installers, cracked applications, or malvertising. On execution it uses social-engineering prompts to capture the user's macOS password, then extracts keychain secrets, browser credentials and cookies, and cryptocurrency wallet data before exfiltrating them.
Why AMOS matters
AMOS demonstrates that macOS users — often assumed to be lower-risk — are squarely targeted by the credential-theft economy. Its keychain access makes a successful infection especially damaging.
VantaPrism's coverage spans macOS-targeting families such as AMOS, so organisations with mixed fleets can detect exposures regardless of the victim's operating system.
Check Your Exposure arrow_forwardFrequently Asked Questions
Do infostealers target Macs?
How does AMOS get the macOS password?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…
Malware-as-a-service (MaaS) is a criminal business model in which malware authors rent or sell their software, infras…