Atomic macOS Stealer Malware Can Steal Keychain Info, Files, Browser Wallets and More - MacRumors
Skip to Content

Atomic macOS Stealer Malware Can Steal Keychain Info, Files, Browser Wallets and More

While Apple's Macs are less targeted by malware than Windows PCs, concerning Mac malware does pop up regularly. This week, there's new Mac malware out in the wild that Mac users should be aware of.

macos atomic malware demo
Called Atomic macOS Stealer (AMOS), the malware was found on Telegram by Cyble Research. A Telegram user was selling access to the malware, which is designed to steal sensitive information like usernames and passwords.

Whoever designed the Atomic macOS Stealer is working behind the scenes to improve it and add new functionality to make it more effective. In its current incarnation, AMOS is able to access keychain passwords, system information, files from the desktop and documents folder, and the password of the Mac.

It is able to infiltrate browser apps like Chrome and Firefox, extracting autofill information, passwords, cookies, wallets, and credit card information. Cryptowallets like Electrum, Binance, and Atomic are specific targets.

macos atomic malware
AMOS can be purchased with a web panel that makes it easy to manage malware targets, along with tools for brute-forcing private keys. The malware and accompanying services to make it easier to use against victims can be purchased on Telegram for $1,000 per month.

A .dmg file is used to get the malware on a victim's machine, and once installed, it immediately begins accessing sensitive information and sending it to a remote server. A fake system prompt is presented to get access to the system password, and it asks for access to files in the documents and desktop folders.

Because this requires a user to click on a .dmg file to install, Mac users can avoid the malware by not installing any kind of untrusted software from an unverified source. Cyble Research recommends installing software from the Mac App Store, using strong passwords and multi-factor authentication, and using biometric authentication where possible.

Users should also avoid opening links in emails, using caution whenever an app asks for permissions, and keeping devices, operating systems, and apps up to date.

Popular Stories

apple back to school sans airpods 2

Apple's 2026 Back to School Offer is Coming Soon

Sunday July 12, 2026 7:29 am PDT by
Apple's stores will be rolling out Back to School marketing materials this week, according to Bloomberg's Mark Gurman. This suggests that the offer will begin in the U.S. in the next few days. Last year, college students and educational staff could receive a free accessory like AirPods 4 or an Apple Pencil Pro with the purchase of a qualifying Mac or iPad model. The Back to School offer is in...
Waze logo

5 New Waze Features Rolling Out Now: Here Are All the Details

Monday July 13, 2026 3:42 am PDT by
Google today announced that Waze is getting a handful of new features, including some Gemini-powered personalization enhancements for Conversational Reporting. Conversational Reporting already uses Gemini when users report traffic incidents like slowdowns, but now you can use it to suggest map updates like road closures or outdated addresses. Saying something like "The road is closed here"...
Mac Pro Feature Teal

Apple's M7 Ultra Chip Designed to Match a 2019 Mac Pro Feat

Sunday July 12, 2026 8:53 am PDT by
Apple's M7 Ultra chip coming in 2028 is designed to support up to 1.5TB of unified memory, according to Bloomberg's Mark Gurman. However, whether such a configuration is offered may depend on the state of the ongoing memory chip shortage. In 2019, Apple released an Intel-based Mac Pro with up to 1.5TB RAM....

Top Rated Comments

42 months ago
Even malware is on a subscription model these days
Score: 112 Votes (Like | Disagree)
AtomicDusk Avatar
42 months ago
hey y’all, I just want to hijack this thread and say that I can’t wait for sideloading on iOS because you can put whatever you want on your Mac.
/s
Score: 40 Votes (Like | Disagree)
sw1tcher Avatar
42 months ago

Sounds like a great reason to only install from the App Store.

It's Apple behind this to prove why it's better to keep the App Store only for iOS and then do the same for the Mac!
Except Apple allows crapware onto their Mac App store too

https://www.macrumors.com/2023/04/25/chatgpt-scam-apps-mac-app-store/

not to mention all the junk on their iOS App store ('https://forums.macrumors.com/threads/psa-watch-out-for-fake-chatgpt-apps-and-other-scams-in-the-mac-app-store.2387808/page-2?post=32124285#post-32124285')
Score: 31 Votes (Like | Disagree)
LV426 Avatar
42 months ago
Next time macOS goes a bit loopy (literally) after an update and keeps asking you to re-enter your Apple ID password, you'd be justified in worrying that something like this is having a go at you.
Score: 20 Votes (Like | Disagree)
Rychiar Avatar
42 months ago

I only rely on Apple’s own Apple App Store on Mac. 💻
I can’t think of anything i’ve ever gotten from the App Store. Even adobe isn’t on the App Store. Nor are things like VLC, superduper, emulators, bit torrent clients. Pretty much anything that makes a Mac Better than an iPad
Score: 18 Votes (Like | Disagree)
TheYayAreaLiving 🎗️ Avatar
42 months ago
I only rely on Apple’s own Apple App Store on Mac. 💻
Score: 17 Votes (Like | Disagree)