Full Report
AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy. [...]
Analysis Summary
# Tool/Technique: AMOS Infostealer
## Overview
AMOS is an established infostealer targeting macOS users. It operates as a key component in the cybercrime economy by harvesting credentials, session cookies, and sensitive data for resale on underground markets. Recent campaigns have focused on abusing popular AI applications and their extension ecosystems for distribution.
## Technical Details
- Type: Malware family (Infostealer)
- Platform: macOS
- Capabilities: Extracts credentials from browsers, system stores, crypto wallets, messaging apps, and local files; exfiltrates stolen data.
- First Seen: The source does not state when AMOS first appeared; "ClawHavoc" is described as its most recent campaign.
## MITRE ATT&CK Mapping
Since the source gives only high-level capabilities rather than specific execution details, general infostealer mappings are applied:
- **TA0001 - Initial Access**
  - T1588.002 - Obtain Capabilities: Tool (Abusing popular software/AI apps for distribution)
- **TA0009 - Collection**
  - T1555 - Credentials from Password Stores
  - T1555.003 - Credentials from Web Browsers
  - T1552.001 - Unsecured Credentials: Credentials In Files
- **TA0010 - Exfiltration**
  - T1041 - Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- Enumerates and extracts authentication data, session cookies, and sensitive documents from targeted applications.
- Specifically targets data from browsers, system credential stores, crypto wallets, and messaging applications.
- Exfiltrates collected data to attacker-controlled infrastructure.
### Advanced Features
- Leverages social engineering by embedding itself within *legitimate-looking* additions (skills/add-ons) for popular AI platforms (e.g., OpenClaw).
- Targets emerging technology ecosystems (AI apps and extension marketplaces) where security vetting may be weak.
- Campaigns like "ClawHavoc" focus on supply-chain poisoning within these trusted marketplaces.
## Indicators of Compromise
*Note: No specific hashes, registry keys, or network indicators were present in the provided text.*
- File Hashes: [Not specified]
- File Names: [Not specified, but likely associated with malicious OpenClaw 'skills' or add-ons]
- Registry Keys: [Not specified]
- Network Indicators: [Not specified]
- Behavioral Indicators: Execution resulting from the installation of unvetted AI application add-ons/skills.
## Associated Threat Actors
- The article describes the actors distributing AMOS as being part of a mature cybercrime economy focused on credential harvesting and resale.
- The recent "ClawHavoc" campaign was described in research by Koi Security.
## Detection Methods
- Detection relies on identifying malicious add-ons/skills delivered via AI marketplaces.
- Behavioral detection should flag processes attempting to enumerate and archive data from common credential locations (browsers, wallets).
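One way to encode the behavioural rule above, as an added example that is not from the Flare article or from Koi Security's research: a small Python heuristic over constructed process telemetry (the event format, the credential-store paths and the sample events are all assumptions) that alerts when a single process reads several distinct credential stores and then spawns an archiver.

```python
from collections import defaultdict
from fnmatch import fnmatch

# Credential-store path patterns on macOS (assumed list; extend it for your fleet).
CREDENTIAL_PATTERNS = {
    "chrome_logins":  "*/Library/Application Support/Google/Chrome/*/Login Data",
    "chrome_cookies": "*/Library/Application Support/Google/Chrome/*/Cookies",
    "keychain":       "*/Library/Keychains/login.keychain-db",
    "exodus_wallet":  "*/Library/Application Support/Exodus/*",
}
ARCHIVERS = {"zip", "ditto", "tar"}   # staging tools often seen before exfiltration
MIN_DISTINCT_STORES = 2               # one store alone is normal for its owning app

def classify_path(path):
    """Return the credential-store label a path belongs to, or None."""
    for name, pattern in CREDENTIAL_PATTERNS.items():
        if fnmatch(path, pattern):
            return name
    return None

def detect(events):
    """events: (pid, proc, action, target) tuples, action "open" or "exec".
    Alerts when a process has read >= MIN_DISTINCT_STORES distinct stores
    and then spawns an archiver; returns [(pid, proc, sorted stores)]."""
    stores, procs, alerts = defaultdict(set), {}, []
    for pid, proc, action, target in events:
        procs[pid] = proc
        if action == "open":
            store = classify_path(target)
            if store:
                stores[pid].add(store)
        elif action == "exec" and target in ARCHIVERS:
            if len(stores[pid]) >= MIN_DISTINCT_STORES:
                alerts.append((pid, procs[pid], sorted(stores[pid])))
    return alerts

# Constructed sample telemetry: Chrome reading its own database is benign;
# an osascript process sweeping several stores and then calling zip is not.
H = "/Users/alice/Library"
CH = f"{H}/Application Support/Google/Chrome/Default"
SAMPLE_EVENTS = [
    (100, "Google Chrome", "open", f"{CH}/Login Data"),
    (200, "osascript", "open", f"{CH}/Login Data"),
    (200, "osascript", "open", f"{CH}/Cookies"),
    (200, "osascript", "open", f"{H}/Keychains/login.keychain-db"),
    (200, "osascript", "open", f"{H}/Application Support/Exodus/exodus.wallet/seed.seco"),
    (200, "osascript", "exec", "zip"),
]

def run_sample():
    return detect(SAMPLE_EVENTS)
```

Real deployments would feed this from Endpoint Security file-open and exec events and tune the store list and threshold against baseline noise from backup and sync agents.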
## Mitigation Strategies
- **Prevention:** Exercise extreme caution when installing add-ons, extensions, or "skills" from third-party or AI application marketplaces, especially if vetting/security reviews appear minimal.
- **Hardening:** Maintain updated security software capable of detecting malware delivered via software supply chains.
## Related Tools/Techniques
- Infostealers (General category)
- Supply Chain Compromise (Delivery technique via marketplaces)