Beware the Byte: Atomic macOS Stealer Hits Over 300 in Malvertising Mayhem!
Over 300 entities were hit by SHAMOS, a variant of the Atomic macOS Stealer, in a malvertising campaign. CrowdStrike reports this malware steals everything from passwords to cryptocurrency, proving once again that cybercriminals love a good macOS heist. Remember, if a site offers free macOS advice, it might just be a wolf in geek’s clothing.

Hot Take:
It looks like the COOKIE SPIDER group is baking up more than just web cookies this summer! Their SHAMOS variant of the Atomic macOS Stealer is spreading faster than a viral cat video, and it’s leaving Mac users with empty cryptowallets and a hefty dose of regret. Who would’ve thought that one-liner commands could be more dangerous than a reality TV show marathon? Better get your Gatekeeper on high alert, folks!

Key Points:
- Over 300 entities were hit by the SHAMOS variant of Atomic macOS Stealer between June and August 2025.
- The malware, spread via malvertising, targets macOS users by tricking them into executing a malicious one-line command.
- SHAMOS can steal a wide range of sensitive information, including browser data and cryptocurrency wallet information.
- The COOKIE SPIDER group rents out SHAMOS to other cybercriminals as malware-as-a-service.
- The campaign bypasses macOS Gatekeeper protections, highlighting a growing trend in cybercrime techniques.