New Malware Targets macOS and Steals Cryptocurrency
23.08.2024 21:00 1 min. read Alexander Stefanov
According to an August 5 report from Moonlock Lab, the "Atomic macOS" (AMOS) malware is experiencing a resurgence, appearing in Google Adsense ads masquerading as legitimate macOS programs like Loom, Figma, and TunnelBlick.
These fake versions are unauthorized and are designed to install AMOS on users’ devices.
Moonlock experts discovered AMOS while investigating a fake Loom ad that redirected them to a fake website. Instead of downloading Loom, users inadvertently installed a sophisticated version of the AMOS malware.
Originally reported by Cyble in April 2023, AMOS was sold on Telegram for $1,000 per month, targeting over 50 different crypto wallets, including MetaMask, Coinbase, and Binance. The malware could steal wallet data, potentially allowing attackers to drain users’ funds.
Now, Moonlock warns that AMOS has been upgraded to replace legitimate wallet apps with clones, making it easier to delete victims’ e-wallets.
In particular, it can clone the Ledger Live software used by Ledger hardware wallets, potentially tricking users into sending cryptocurrencies to attackers. This capability is a significant advancement for AMOS.
Cryptocurrency users on macOS should be cautious when downloading software, especially from ads. To ensure authenticity, it is advisable to search for the official website of the app through organic search results rather than clicking on ads.
Malware remains a serious threat to crypto users, with AMOS being a particularly dangerous example.
-
1
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
2
Solana PumpFun Bot Turns Out to Be Malware in Disguise
04.07.2025 9:00 2 min. read -
3
Hackers Steal $140 Million from Brazilian Central Bank, Launder Funds Through Crypto
05.07.2025 11:00 2 min. read -
4
SEC Charges Georgia-based First Liberty and Owner in $140 Million Ponzi Scheme
12.07.2025 17:00 2 min. read -
5
U.S. Court Ends Tornado Cash Legal Dispute, Marking Win for Coin Center
08.07.2025 10:00 2 min. read
SEC Charges Georgia-based First Liberty and Owner in $140 Million Ponzi Scheme
The U.S. Securities and Exchange Commission (SEC) has filed emergency enforcement actions against First Liberty Building & Loan, LLC and its founder, Edwin Brant Frost IV, alleging they operated a $140 million Ponzi scheme that spanned more than a decade and defrauded around 300 investors.
U.S. Court Ends Tornado Cash Legal Dispute, Marking Win for Coin Center
A legal clash between Coin Center and the U.S. Treasury Department over sanctions imposed on Tornado Cash has officially come to an end, following a joint decision to dismiss the case.
Hackers Steal $140 Million from Brazilian Central Bank, Launder Funds Through Crypto
A sophisticated cyberattack targeting Brazil’s central bank reserve accounts has resulted in the theft of over $140 million (R$800 million), much of which was swiftly funneled through cryptocurrency channels.
Solana PumpFun Bot Turns Out to Be Malware in Disguise
A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
-
1
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
2
Solana PumpFun Bot Turns Out to Be Malware in Disguise
04.07.2025 9:00 2 min. read -
3
Hackers Steal $140 Million from Brazilian Central Bank, Launder Funds Through Crypto
05.07.2025 11:00 2 min. read -
4
SEC Charges Georgia-based First Liberty and Owner in $140 Million Ponzi Scheme
12.07.2025 17:00 2 min. read -
5
U.S. Court Ends Tornado Cash Legal Dispute, Marking Win for Coin Center
08.07.2025 10:00 2 min. read