Earn up to 50% APR
Boost earnings with NFTs
Play, HODL & earn more
[WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities
-
Can’t believe how fast malware like AMOS evolves. Remote access even after reboot? That’s next level terrifying.
-
Hey everyone,
Just a heads-up about something nasty floating around — AMOS (a.k.a. Atomic macOS Stealer) just leveled up big time. Originally it was mainly grabbing crypto wallets and passwords, but now it’s got a remote access module that basically lets attackers take over your system like it’s their own. Yup, full control — even after a reboot.Researcher g0njxa broke down the latest version, and here’s what it can do now:
Executes attacker commands directly on your machine
Hides from analysis in virtual machines/sandboxes
Auto-launches every time your Mac boots up
Drops hidden .helper and .agent files, launched via LaunchDaemon with system-level privileges 
That means the attackers can:
— Install even more malware
— Log your keystrokes
— Pivot deeper into your networkAMOS has been around since at least 2023, but it started off spreading through cracked apps. Now it’s being used in targeted phishing attacks, especially against freelancers and crypto holders. Victims are getting fake job offers or collab requests with weaponized attachments.
The latest wave has already hit users in 120+ countries, including the US, Canada, UK, Italy, France, and more.TL;DR: If you’re getting random "job offers" with attachments or are working in crypto/web3 — be very careful right now. And maybe audit your LaunchDaemons while you’re at it.
Stay safe out there.
#crypto #coin #cryptocurrency #AMOS@lingriiddd Auditing LaunchDaemons and checking for suspicious .helper or .agent files is a must right now. The fact that AMOS can bypass sandbox detection shows how advanced it’s become. Mac users really need to stay extra cautious these days
-
Thanks for sharing this important update. It’s scary how these fake job offers are now being used to target freelancers and crypto users. If something feels off, don’t open the file — report and delete it right away. Better to stay safe than sorry!
-
@Dave
I wish more people took these warnings seriously. Prevention is much easier than dealing with an infected system. -
Appreciate this info! It’s crazy how these attackers keep finding new ways to exploit users, especially in the crypto space.
