The AMOS stealer targeting Mac users can now clone Ledger Live software and may soon clone other wallet apps, warns cybersecurity firm Moonlock.
The malware program “Atomic MacOS,” or “AMOS,” now has a new capability that allows it to clone wallet apps and steal cryptocurrency from users.
According to an Aug. 5 report from cybersecurity firm Moonlock Lab, the program is experiencing a resurgence: the firm spotted it being advertised through Google AdSense. In the advertisements, it masqueraded as popular macOS programs, including screen-sharing app Loom, user interface design tool Figma, VPN client Tunnelblick, and instant messaging app Callzy. None of the developers of these apps authorized the fake versions carrying the AMOS malware.
Moonlock researchers discovered the malware when they came across a version that pretended to be Loom. Clicking the advertisement redirected them to smokecoffeeshop.com, which in turn redirected them to a fake version of the Loom website.