New macOS malware bypasses Apple security to steal your data

New macOS malware bypasses Apple security to steal your data

Mac security faces growing malware threat

by Kurt Knutsson
image_printPrint this article

Mac computers are often seen as more secure than other personal computing devices, thanks to Apple’s strong security measures and a tightly controlled software ecosystem. However, that sense of safety is now under serious threat.

A new campaign called Atomic macOS Stealer, or AMOS, is targeting macOS users by disguising itself as cracked versions of popular apps. Trend Micro researchers warn that this malware cleverly bypasses Apple’s latest security improvements. It uses social engineering tricks and technical workarounds to install itself on victims’ machines, then silently steals sensitive data like passwords, crypto wallets, and key system files.

 

 

Macbook on table

 

How AMOS tricks you into installing malware

As reported by Infosecurity Magazine, the AMOS campaign spreads primarily through websites offering pirated versions of legitimate macOS applications. One such site hosts cracked software and lures those searching for popular apps like CleanMyMac.

Once you download the fake software, you are directed to either click a “Download for MacOS” button or follow instructions to copy and paste malicious commands into the macOS Terminal. The technique resembles a fake CAPTCHA, designed to convince you that you are performing a legitimate action. These social engineering tactics help attackers bypass the normal security warnings and protections built into macOS.

Malicious malware site screenshot

Infosecurity Magazine

 

How hackers bypass Apple’s security protections

Traditional macOS malware typically relies on .dmg installers that Apple’s Gatekeeper is designed to block. The AMOS operators adapted by shifting to terminal-based installation methods that proved far more effective. Once installed, the malware establishes persistence by creating a LaunchDaemon entry that repeatedly executes its hidden binary.

This binary collects sensitive information from the victim’s system, including browser credentials, Apple Notes, Telegram chats, keychain items, and even cryptocurrency wallets. The attackers are able to maintain long-term access without the user realizing their machine has been compromised.

Trend Micro’s research found that the AMOS campaign uses frequent domain and URL rotation. This prevents static detection systems from identifying and blocking the malicious infrastructure. Each time a user visits the malicious site, they may be redirected to a different domain.

The landing page customizes itself based on the visitor’s operating system and changes the destination payload accordingly. These tactics allow the attackers to evade takedowns and make their operation more resilient. The researchers expect the domains and URLs to continue changing over time, further complicating efforts to stop the malware.

Person is using a macbook

 

6 ways to stay safe from malware like AMOS

Protecting your Mac from advanced threats requires more than just trusting built-in security features. Here are six essential steps you can take to keep your system and data safe.
 

1) Avoid downloading cracked software

Downloading pirated or cracked software puts your system at risk of being infected with malware like AMOS. Always use official app stores such as the Mac App Store or trusted developer websites. Avoid untrusted sites that offer free versions of paid apps.

 

2) Use a reliable antivirus solution

A strong antivirus helps detect and block malicious files and suspicious activity in real time. It can prevent malware like AMOS from executing on your system or alert you if a suspicious process is running.

More from CyberGuy
🔴 Free Live Class
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

Reserve your free spot

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Make sure your antivirus software is always up to date.

One of the top solutions we recommend is Norton Antivirus Plus, which extends protection beyond just traditional virus scanning. While iPhones have strong built-in security, Norton adds an important extra layer by helping block malicious websites, phishing links, and unsafe downloads before they can cause harm. If you accidentally tap a bad link in an email, text message, or social media post, Norton helps prevent access to known dangerous sites using its continuously updated threat intelligence. If you are interested in a strong antivirus with phone customer service, we recommend Norton Antivirus Plus. This product includes:
  • Strong real-time protection against viruses, malware, ransomware and hacking attempts
  • AI-powered scam protection to help identify suspicious emails, texts and websites
  • Built-in password manager to securely store and manage logins
  • 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
  • Smart firewall and phishing protection
COVERAGE
  • Protects 1, 3 or 5 devices
  • Available for Windows, macOS, Android and iOS
  • Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
EXCLUSIVE CYBERGUY DEAL: 58% off (year 1) Please note that the above product is the core antivirus product. Norton may try to upsell additional products, but we don’t recommend them. We encourage you to decline those offers.

 

3) Use a password manager for strong, unique passwords

AMOS can steal stored credentials from browsers and password managers. Using a dedicated, secure password manager ensures that your passwords are stored safely and are not easily accessible by malware. Many password managers also detect compromised passwords.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

One of the best password managers out there is NordPass. It is secure, user-friendly, and uses zero-knowledge architecture with military-grade XChaCha20 encryption to protect your data. NordPass works across Windows, macOS, Linux, Android, iOS, and major browsers and includes features like:
  • Unlimited password storage
  • Secure sharing
  • Password health reports
  • Auto-fill and emergency access
  • Data breach monitoring to alert you if your credentials have been exposed
  • A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
Use NordPass to check if your email or passwords have shown up in known data breaches, and take immediate action if they have.
 
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!

 

4) Update your system and applications

Keep your macOS and applications up to date to ensure you receive the latest security patches. Many malware variants exploit unpatched vulnerabilities, so regular updates help close those security gaps.

 

5) Be wary of social engineering tricks

Malware like AMOS often relies on convincing users to run malicious commands or download trojanized installers disguised as cracked apps. Never copy and paste random commands into the terminal or click suspicious links. Always verify the source before taking action.

 

6) Protect your digital identity with identity theft protection services

When malware steals your sensitive information, identity theft protection services alert you if your personal data shows up in breach records or on the dark web. Identity theft companies monitor personal information, such as your Social Security Number (SSN), phone number, and email address. They alert you if criminals sell it on the dark web or use it to open an account. They also help you freeze your bank and credit card accounts to stop further unauthorized use.

One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.

Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.

See my full list of trusted identity theft protection services and expert tips to stay safe online.

 

Related links:

 

Kurt’s key takeaway

The AMOS campaign highlights that macOS is no longer immune to advanced malware threats. You must avoid downloading software from untrusted sources, especially pirated applications. It’s recommended to deploy a layered defense strategy that does not rely solely on Apple’s built-in protections. This includes endpoint detection tools, frequent software updates, and educating users about social engineering risks. The stolen data poses serious threats not just to individuals, but also to businesses, potentially leading to credential theft, financial loss, or deeper intrusions into enterprise systems.

Which platform do you use to download apps on your Mac? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder