AMOS macOS Stealer: What It Is and How to Remove It from Your Mac

If you use a Mac and recently visited a website that told you to paste a command into Terminal, your system may be infected with AMOS, also known as the Atomic macOS Stealer. This malware does not need sophisticated exploits or zero-day vulnerabilities. It relies entirely on tricking you into running a single command yourself.

AMOS macOS Stealer: What It Is and How to Remove It from Your Mac

Security researchers at Sophos, SentinelOne, and CrowdStrike tracked AMOS activity throughout 2025 and into 2026. In 2025 alone, AMOS accounted for nearly 40% of all macOS protection updates Sophos deployed, making it the most frequently detected macOS malware family by a significant margin.

This guide explains what AMOS does, how it lands on your Mac, how to detect it, and how to remove it completely.

What Is AMOS (Atomic macOS Stealer)?

AMOS is a malware-as-a-service (MaaS) operation that security firms have tracked since at least April 2023. Criminal groups rent access to the malware and use it to steal passwords, browser credentials, cryptocurrency wallet data, and macOS Keychain contents from infected Macs.

Unlike traditional malware that exploits software vulnerabilities, AMOS works through social engineering. The attacker tricks the victim into doing the work themselves by pasting a malicious command into Terminal.

A newer variant called SHub Reaper, documented by SentinelOne researchers in 2026, expands this approach significantly. Reaper uses AppleScript and fake Apple, Microsoft, and Google branding to make its malicious activity look routine to most users.

How AMOS Gets on Your Mac (The ClickFix Technique)

The most common infection method uses a technique called ClickFix. Here is how a typical AMOS infection plays out:

  1. You visit a malicious website or a legitimate site that attackers have compromised.
  2. The page tells you to run a “security scan” or “fix an error” by pasting a command into Terminal.
  3. You paste and run the command.
  4. A bootstrap script downloads and executes the malware silently in the background.

Attackers have used several lures to trigger this action: fake ChatGPT and Grok conversation pages, poisoned search results, fake WeChat or Miro installers, and pages impersonating Microsoft infrastructure with typo-squatted domain names.

One critical detail: Apple never asks you to open Terminal and paste a command to install a security update. If any website tells you to do this, close the tab immediately.

What AMOS Steals from Your Mac

Once AMOS runs, it collects a wide range of sensitive data from your system. The malware targets:

  • macOS Keychain database (all saved passwords and certificates)
  • Browser credentials from Chrome, Firefox, Brave, Edge, Opera, Vivaldi, Arc, and Orion
  • Browser cookies, autofill data, and active session tokens
  • Cryptocurrency wallet data from MetaMask, Phantom, and similar extensions
  • Fake Ledger Wallet and Trezor Suite apps that steal seed phrases and credentials
  • Apple Notes content
  • Desktop and Documents folder files including Word documents, spreadsheets, and wallet files
  • Telegram session data
  • Chrome and Firefox extension storage files

AMOS compresses all stolen files into a single archive using the ditto utility, then sends them to an attacker-controlled server via a curl POST request. After exfiltration, the malware installs a LaunchDaemon that runs automatically after every reboot, giving attackers persistent access to your system.

The SHub Reaper Variant: A More Advanced Version

SHub Reaper builds on the standard AMOS approach but adds several more aggressive behaviors that make it harder to detect and remove.

Reaper routes through AppleScript using the applescript:// URL scheme instead of Terminal commands. This helps it bypass protections Apple added specifically for Terminal-based attack chains in macOS Tahoe 26.4. The malware displays a fake Apple XProtectRemediator security update on screen while executing hidden commands in the background. Attackers pad the malicious AppleScript with fake installer text and ASCII art to push the dangerous commands below the visible window.

For persistence, Reaper installs a fake GoogleUpdate.app structure inside the user’s Library folder and registers a com.google.keystone.agent.plist LaunchAgent that executes every 60 seconds. This closely mimics Google’s legitimate Keystone update service, making the entry much harder to notice during a casual inspection.

Beyond credential theft, Reaper terminates active cryptocurrency wallet processes and replaces internal application resources with attacker-controlled app.asar files, pushing the infection well beyond simple data collection into ongoing system compromise.

How to Detect AMOS on Your Mac

Check for these indicators before attempting removal.

Check for hidden files in your home directory

ls -la ~/

Look for files named .pass, .agent, or .mainhelper. AMOS stores the captured macOS password in a hidden .pass file immediately after the user provides it.

Check for suspicious files in /tmp

ls -la /tmp/

Look for numbered staging directories like /tmp/91897/ or files named update and out.zip. These are typical AMOS collection and archive paths.

Check for unauthorized LaunchDaemons

ls /Library/LaunchDaemons/

Look for unexpected entries like com.finder.helper.plist. Legitimate Apple services use consistent, recognizable naming conventions. An entry you do not recognize or did not install yourself is a strong warning sign.

Check for suspicious LaunchAgents

ls ~/Library/LaunchAgents/

Look for entries referencing Google Keystone or similar trusted-vendor names that you did not install. The SHub Reaper variant registers persistence specifically under com.google.keystone.agent.plist.

Check for unusual network activity

Open Activity Monitor, click the Network tab, and look for processes making unexpected outbound connections. Pay attention to Terminal, osascript, bash, and curl making connections to IP addresses or unfamiliar domains.

How to Remove AMOS from Your Mac

Work through these steps in order if you find signs of an active infection.

Step 1: Disconnect from the Internet

Take your Mac offline before doing anything else. This stops active exfiltration and cuts communication with the attacker’s command-and-control server.

Step 2: Remove the Hidden Credential Files

rm ~/.pass
rm ~/.agent
rm ~/.mainhelper

Run these commands individually. The terminal will show an error for files that do not exist, which you can safely ignore.

Step 3: Remove Malicious LaunchDaemons

sudo launchctl unload /Library/LaunchDaemons/com.finder.helper.plist
sudo rm /Library/LaunchDaemons/com.finder.helper.plist

Always verify the exact file names you found in the detection step before running removal commands. Do not remove legitimate system entries.

Step 4: Remove Malicious LaunchAgents

launchctl unload ~/Library/LaunchAgents/com.google.keystone.agent.plist
rm ~/Library/LaunchAgents/com.google.keystone.agent.plist

If you have the legitimate Google Chrome browser installed, verify that the real Google Keystone service is separate from any suspicious entry before removing anything.

Step 5: Clean Up Temporary Files

rm -rf /tmp/update
rm -rf /tmp/out.zip

Also remove any numbered staging directories under /tmp/ that appeared at or around the time of the infection.

Step 6: Run a Dedicated Malware Scanner

Download Malwarebytes for Mac or run your existing endpoint security tool. A full system scan catches any components that manual removal may have missed, including secondary payloads the malware dropped during execution.

Step 7: Revoke and Reset All Credentials

This step is the most important part of the cleanup. AMOS transmitted your data to the attacker before you started the removal process. Treat every password your Mac stored as compromised.

  • Change your Apple ID password immediately.
  • Change passwords for every account saved in your browser or Keychain.
  • Revoke active sessions on all accounts where the platform supports it.
  • If you stored any cryptocurrency seed phrases on your Mac, move your assets to a new wallet immediately.
  • Enable two-factor authentication on every account that supports it.

Step 8: Audit Browser Extensions

Open each browser you use and review all installed extensions. Remove any extension you did not install yourself or no longer recognize.

  • Chrome: Settings > Extensions
  • Firefox: Add-ons and Themes > Extensions
  • Safari: Settings > Extensions
  • Brave: Settings > Extensions

The AMOS family specifically targets extension storage files, so treat any unfamiliar extension as potentially compromised.

Step 9: Update macOS

Install all pending macOS updates after completing the cleanup. Apple ships XProtect signatures and Gatekeeper improvements through regular software updates. Running an outdated macOS version leaves you more exposed to current AMOS variants that probe for known weaknesses.

How to Prevent AMOS Infections in the Future

These practices significantly cut your exposure to AMOS and similar macOS infostealer threats.

Never paste commands into Terminal from a website: No legitimate service or Apple security process requires this. Any page asking you to open Terminal and run a command is running an attack.

Download software from official sources only: Use the Mac App Store or the official developer website. Avoid installer pages shared through ads, social posts, or direct messages.

Check URLs carefully before downloading anything: Attackers use typo-squatted domains designed to look like Microsoft, Google, or Apple infrastructure. Examine the full domain name before clicking any download button.

Keep macOS updated: Apple ships XProtect and Gatekeeper improvements with every macOS update. These improvements directly target known AMOS behaviors.

Use a dedicated password manager: A standalone password manager stores credentials outside the browser, which limits the data AMOS can harvest from active sessions.

Treat unexpected password prompts as suspicious: If an installer requests your macOS password and then immediately shows a compatibility error or vague failure message, that is a standard AMOS deception pattern designed to reduce suspicion after the theft completes.

Monitor persistence mechanisms: Tools like KnockKnock by Objective-See scan for LaunchAgents and LaunchDaemons and flag entries that look unauthorized. Running a persistence check after installing any new software is a low-effort habit that catches infections early.

Related Tech Guides

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply