<![CDATA[[WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities]]>apple.webp

Hey everyone,
Just a heads-up about something nasty floating around — AMOS (a.k.a. Atomic macOS Stealer) just leveled up big time. Originally it was mainly grabbing crypto wallets and passwords, but now it’s got a remote access module that basically lets attackers take over your system like it’s their own. Yup, full control — even after a reboot.

Researcher g0njxa broke down the latest version, and here’s what it can do now:

🔹 Executes attacker commands directly on your machine
🔹 Hides from analysis in virtual machines/sandboxes
🔹 Auto-launches every time your Mac boots up
🔹 Drops hidden .helper and .agent files, launched via LaunchDaemon with system-level privileges 😨

That means the attackers can:

— Install even more malware
— Log your keystrokes
— Pivot deeper into your network

AMOS has been around since at least 2023, but it started off spreading through cracked apps. Now it’s being used in targeted phishing attacks, especially against freelancers and crypto holders. Victims are getting fake job offers or collab requests with weaponized attachments.

🌍 The latest wave has already hit users in 120+ countries, including the US, Canada, UK, Italy, France, and more.

TL;DR: If you’re getting random "job offers" with attachments or are working in crypto/web3 — be very careful right now. And maybe audit your LaunchDaemons while you’re at it.

Stay safe out there.
#crypto #coin #cryptocurrency #AMOS

]]>https://undeads.com/forum/topic/53/warning-amos-malware-just-got-a-major-upgrade-now-with-full-remote-access-capabilitiesRSS for NodeSun, 05 Apr 2026 04:34:50 GMTWed, 09 Jul 2025 11:49:19 GMT60<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:42:24 GMT]]>Keep your MacOS updated, don’t trust random files, and always check file permissions. This new AMOS variant means business

]]>https://undeads.com/forum/post/391https://undeads.com/forum/post/391Thu, 10 Jul 2025 14:42:24 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:41:48 GMT]]>Time for everyone to run launchctl list and check for any weird .agent or .helper processes. Better safe than drained

]]>https://undeads.com/forum/post/390https://undeads.com/forum/post/390Thu, 10 Jul 2025 14:41:48 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:41:24 GMT]]>Over 120 countries? That’s not just targeted — that’s a global campaign. Crypto holders especially need to stay sharp

]]>https://undeads.com/forum/post/389https://undeads.com/forum/post/389Thu, 10 Jul 2025 14:41:24 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:39:32 GMT]]>@Smith
LaunchDaemons, .helper files, remote access… this feels like a movie plot, but it's real life. Stay safe, friends.

]]>https://undeads.com/forum/post/388https://undeads.com/forum/post/388Thu, 10 Jul 2025 14:39:32 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:38:45 GMT]]>Thank you for posting this. Practical advice and real-world risks explained in a way everyone can understand.

]]>https://undeads.com/forum/post/387https://undeads.com/forum/post/387Thu, 10 Jul 2025 14:38:45 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:38:07 GMT]]>These attackers exploiting trust in the freelance community is honestly the worst part. Be careful out there!

]]>https://undeads.com/forum/post/386https://undeads.com/forum/post/386Thu, 10 Jul 2025 14:38:07 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:37:31 GMT]]>I checked my system and luckily everything’s clean, but still feeling uneasy about those fake job DMs.

]]>https://undeads.com/forum/post/385https://undeads.com/forum/post/385Thu, 10 Jul 2025 14:37:31 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:36:41 GMT]]>If AMOS can bypass VMs and sandboxes, even malware analysts are at risk. That’s wild.”

]]>https://undeads.com/forum/post/384https://undeads.com/forum/post/384Thu, 10 Jul 2025 14:36:41 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:36:05 GMT]]>This is the kind of info that needs to be spread in every crypto community right now.

]]>https://undeads.com/forum/post/383https://undeads.com/forum/post/383Thu, 10 Jul 2025 14:36:05 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:35:29 GMT]]>@Smith
Definitely going to stop downloading cracked apps altogether. Not worth the risk anymore.

]]>https://undeads.com/forum/post/382https://undeads.com/forum/post/382Thu, 10 Jul 2025 14:35:29 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:34:56 GMT]]>Crypto and macOS users need to be on high alert. These phishing tactics are getting too real.

]]>https://undeads.com/forum/post/381https://undeads.com/forum/post/381Thu, 10 Jul 2025 14:34:56 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:33:36 GMT]]>One more reason to stop downloading cracked software. That free plugin might just cost you your wallet

]]>https://undeads.com/forum/post/380https://undeads.com/forum/post/380Thu, 10 Jul 2025 14:33:36 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:30:21 GMT]]>Freelancers are such easy targets now. If someone sends you a DM about a 'collab' and there's a file attached — assume it’s malicious

]]>https://undeads.com/forum/post/379https://undeads.com/forum/post/379Thu, 10 Jul 2025 14:30:21 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:29:54 GMT]]>These attackers are getting way too sophisticated. Remote access + persistence = nightmare fuel

]]>https://undeads.com/forum/post/378https://undeads.com/forum/post/378Thu, 10 Jul 2025 14:29:54 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 14:29:31 GMT]]>LaunchDaemons are no joke — once malware gets in there with root privileges, it’s game over. Everyone on macOS should audit theirs ASAP.

]]>https://undeads.com/forum/post/376https://undeads.com/forum/post/376Thu, 10 Jul 2025 14:29:31 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 13:46:06 GMT]]>@Smith
Big thanks to researchers like g0njxa who help us understand threats like this.

]]>https://undeads.com/forum/post/351https://undeads.com/forum/post/351Thu, 10 Jul 2025 13:46:06 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 13:38:57 GMT]]>@Dave
I wish more people took these warnings seriously. Prevention is much easier than dealing with an infected system.

]]>https://undeads.com/forum/post/350https://undeads.com/forum/post/350Thu, 10 Jul 2025 13:38:57 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 13:37:55 GMT]]>Crazy how malware campaigns have gone global so fast—120+ countries already??

]]>https://undeads.com/forum/post/349https://undeads.com/forum/post/349Thu, 10 Jul 2025 13:37:55 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 13:37:10 GMT]]>Appreciate the reminder to stay vigilant. These attackers are ruthless, and we have to protect ourselves.

]]>https://undeads.com/forum/post/348https://undeads.com/forum/post/348Thu, 10 Jul 2025 13:37:10 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 11:36:22 GMT]]>Honestly, this is one of the most useful warnings I’ve seen today. Time to be paranoid for the right reasons.

]]>https://undeads.com/forum/post/343https://undeads.com/forum/post/343Thu, 10 Jul 2025 11:36:22 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 11:35:44 GMT]]>Appreciate this info! It’s crazy how these attackers keep finding new ways to exploit users, especially in the crypto space.

]]>https://undeads.com/forum/post/342https://undeads.com/forum/post/342Thu, 10 Jul 2025 11:35:44 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 11:35:06 GMT]]>Wow, this AMOS update is scary. Thanks for the heads-up—really need to double-check my Mac's security settings now.

]]>https://undeads.com/forum/post/341https://undeads.com/forum/post/341Thu, 10 Jul 2025 11:35:06 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 11:01:11 GMT]]>Thanks for sharing this important update. It’s scary how these fake job offers are now being used to target freelancers and crypto users. If something feels off, don’t open the file — report and delete it right away. Better to stay safe than sorry!

]]>https://undeads.com/forum/post/339https://undeads.com/forum/post/339Thu, 10 Jul 2025 11:01:11 GMT<![CDATA[Reply to [WARNING] AMOS Malware Just Got a Major Upgrade – Now With Full Remote Access Capabilities on Thu, 10 Jul 2025 10:53:00 GMT]]>@lingriiddd Auditing LaunchDaemons and checking for suspicious .helper or .agent files is a must right now. The fact that AMOS can bypass sandbox detection shows how advanced it’s become. Mac users really need to stay extra cautious these days

]]>https://undeads.com/forum/post/338https://undeads.com/forum/post/338Thu, 10 Jul 2025 10:53:00 GMT