According to an August 5 report from Moonlock Lab, the "Atomic macOS" (AMOS) malware is experiencing a resurgence, appearing in Google Adsense ads masquerading as legitimate macOS programs like Loom, Figma, and TunnelBlick.
These fake versions are unauthorized and are designed to install AMOS on users’ devices.
Moonlock experts discovered AMOS while investigating a fake Loom ad that redirected them to a fake website. Instead of downloading Loom, users inadvertently installed a sophisticated version of the AMOS malware.
Originally reported by Cyble in April 2023, AMOS was sold on Telegram for $1,000 per month, targeting over 50 different crypto wallets, including MetaMask, Coinbase, and Binance. The malware could steal wallet data, potentially allowing attackers to drain users’ funds.
Now, Moonlock warns that AMOS has been upgraded to replace legitimate wallet apps with clones, making it easier to delete victims’ e-wallets.
In particular, it can clone the Ledger Live software used by Ledger hardware wallets, potentially tricking users into sending cryptocurrencies to attackers. This capability is a significant advancement for AMOS.
Cryptocurrency users on macOS should be cautious when downloading software, especially from ads. To ensure authenticity, it is advisable to search for the official website of the app through organic search results rather than clicking on ads.
Malware remains a serious threat to crypto users, with AMOS being a particularly dangerous example.
BingX, a cryptocurrency exchange, has alerted users to a possible security breach involving its hot wallet, leading to the activation of emergency protocols.
In the next five years, government prosecutors and tax agencies are expected to utilize artificial intelligence to analyze blockchain data for crime detection, according to Chainalysis CEO Michael Gronager.
Germany has shut down 47 cryptocurrency exchanges, accusing them of enabling cybercriminals to launder money by ignoring anti-money laundering regulations.
In the wake of the $230 million hack at Indian crypto exchange WazirX, the attackers have moved another $12 million worth of Ethereum.