Malvertising Mayhem: COOKIE SPIDER’s Sneaky SHAMOS Attack on macOS Users
COOKIE SPIDER’s SHAMOS malware hits over 300 environments through sneaky malvertising. macOS users searching for tech fixes were duped into running a command that bypassed security checks. Remember, if a website’s fix looks too good to be true, it probably comes with a side of malware!

Hot Take:
Who knew that a simple “flush resolver cache” search could flush your crypto wallet down the drain? COOKIE SPIDER is not just a mouthful, but apparently a walletful of stolen credentials and crypto. macOS users, it’s time to stop thinking of your system as the Fort Knox of operating systems and start treating it like a pet that needs constant attention and the occasional flea bath. Keep your guard up, or your digital cookies might just crumble.
Key Points:
– COOKIE SPIDER used malvertising to spread SHAMOS, a new AMOS malware variant.
– 300+ environments across multiple countries were targeted.
– The attack bypassed macOS Gatekeeper using a one-line command.
– SHAMOS steals credentials, crypto wallets, and more.
– Fake help sites and GitHub repositories were key in the operation.