TrendAITM has discovered a troubling change in the distribution of the Atomic Stealer (AMOS) malware in recent cybersecurity research This article explores stealer amos malware. . In the past, cracked macOS software was used to distribute AMOS, a malware-as-a-service (MaaS) intended to steal private information from Apple devices.
The pattern has since changed, though, as attackers are now using OpenClaw skills to fool users into manually entering passwords, which eventually results in AMOS infection of devices. An AI agent platform called OpenClaw is capable of carrying out tasks using a variety of "skills." Malicious OpenClaw skills that trick AI agents into installing malware are used to deliver AMOS in this new attack vector. With instructions that seem benign and even pass VirusTotal scans, the skill initially seems innocuous.
Nevertheless, the AI agent installs a phony command-line interface (CLI) tool on the user's computer after following these instructions, which subsequently installs the AMOS malware. Trend Micro claims that an innocent-looking SKILL.md file that initiates the installation of the OpenClawCLI tool is where the infection chain starts. After that, the skill stealthily retrieves more installation guidelines from a malicious website.
The malware may be silently installed or repeatedly ask the user to install a malicious "driver," depending on the model (e.g., GPT-4o). This represents a major shift from conventional social engineering to AI-based manipulation in AMOS's tactics, techniques, and procedures (TTPs).
The skill is classified as malicious by Claude-4.5-Opus (Source: trendmicro). Data Exfiltration and Malware Payload After the malicious skill is installed, a Mach-O universal binary file that runs on Macs with both Intel and Apple Silicon chips is downloaded. The credentials from Apple and KeePass keychains, files from the Desktop, Documents, and Downloads folders, and even information from Apple Notes are among the many sensitive data that this binary is intended to steal.
Furthermore, the malware has the ability to gather credentials and system information from 19 different browsers, including autofill data and saved passwords. Cybercriminals can access the stolen data after it has been compressed and uploaded to a remote command-and-control (C&C) server.
The malicious "driver" must be manually installed, as GPT-4o keeps reminding the user (Source: trendmicro). In addition to private files, more important data like private keys, certificates, and login credentials for cryptocurrency wallets are also exfiltrated. Defending Against The Threat TrendAITM has taken action to guarantee that its clients are shielded from this changing danger.
Actively blocking AMOS-related domains and identifying malicious activity are the functions of Managed Detection and Response (MDR) services. To stop additional infections, all malicious OpenClaw skills are identified and eliminated. Testing unverified OpenClaw skills in a controlled setting is essential for organizations. To reduce the dangers of AI-based attacks, TrendAITM suggests utilizing isolated testing computers and containers.
Businesses can strengthen their defenses against the constantly changing threat landscape by implementing strong security measures and utilizing continuous monitoring. The agent is instructed to download and extract a malicious payload by a malicious SKILL.md file (Source: trendmicro). Key Value Stack Location 0 0x36750d22b0363d3f stack-0x20 1 0xb88c7cabb1500fec stack-0x18 2 0x9f74da101cad6a49 stack+0x18 3 0x2ba0fa21a3924246 stack+0x20 4 0x22b3e52e351a0393 stack+0x28 5 0xb423da07ae830ad0 stack+0x30 AMOS is not a new threat, but its operators are still coming up with new ways to spread the malware.
Attackers' strategies are always changing, ranging from compromised software to tainted AI agent abilities. The MDR solutions from TrendAITM are essential for spotting and eliminating these threats instantly, averting significant data breaches, and reducing harm.
