
Atomic Stealer: The Most Aggressive macOS Infostealer of 2024
Tags: Malware, Cybersecurity, macOS, Infostealer, Phishing, Data Theft, AppleScript, XOR, HTTP POST, Terminal, osascript
The AMOS (Atomic macOS Stealer) malware is highly active in 2024, stealing keychains, cookies, browser credentials, notes, wallet files, and other sensitive data. It spreads through fake application installers (Arc, Photoshop, Office) and malicious advertisements, then uses AppleScript to phish the system password through fake dialogs. Its technical characteristics include XOR-obfuscated payloads, theft of keychain and browser data, exfiltration via HTTP POST, abuse of Terminal drag-and-drop to trigger execution, and the use of osascript to mimic system prompts.
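An added detection example for the osascript behaviour described above (not from the original article): it scans process-execution events for osascript calls that display a masked-input dialog. The event schema, the sample events and the scoring weights are constructed assumptions.

```python
import os
import shlex

# Constructed process-execution events (not real telemetry).
# The "parent" and "cmdline" field names are assumptions about the log schema.
SAMPLE_EVENTS = [
    {"pid": 4101, "parent": "Terminal",
     "cmdline": "osascript -e 'display dialog \"macOS needs your password to continue\" "
                "default answer \"\" with hidden answer with title \"System Preferences\"'"},
    {"pid": 4102, "parent": "make",
     "cmdline": "osascript -e 'display dialog \"Build finished\" buttons {\"OK\"}'"},
    {"pid": 4103, "parent": "zsh",
     "cmdline": "/usr/bin/osascript -e 'tell application \"Finder\" to activate'"},
    {"pid": 4104, "parent": "zsh",
     "cmdline": "python3 -c 'print(\"with hidden answer\")'"},
]

def inline_scripts(cmdline):
    """Return the AppleScript text passed via -e, or [] if this is not osascript."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:           # unbalanced quotes in a truncated log line
        return []
    if not argv or os.path.basename(argv[0]) != "osascript":
        return []
    return [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e"]

def score(event):
    """Score an event: 0 = ignore, higher = more like a fake password prompt."""
    text = " ".join(inline_scripts(event["cmdline"])).lower()
    if "display dialog" not in text or "hidden answer" not in text:
        return 0                 # no masked-input dialog, nothing to flag
    points = 2                   # masked text field shown from a script
    if "password" in text:
        points += 1              # prompt wording asks for a password
    if "system preferences" in text or "system settings" in text:
        points += 1              # dialog titled to look like the OS (assumed heuristic)
    return points

def detect(events, threshold=2):
    """Return (pid, score) for every event at or above the threshold."""
    return [(e["pid"], score(e)) for e in events if score(e) >= threshold]

if __name__ == "__main__":
    for pid, pts in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: osascript masked-input dialog, score {pts}")
```

Only inline `-e` scripts are inspected; osascript runs that load a script file or read from stdin need the script content from another telemetry source.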