Key Takeaways
- The AMOS malware can now clone wallet apps to steal funds.
- It targets Mac users through Google Ads, posing as legitimate software.
- It may clone additional wallets like MetaMask and Trust Wallet soon.
Malware known as “Atomic MacOS” (AMOS) has evolved and can now clone wallet applications and steal funds from users.
Cybersecurity firm Moonlock Lab reported on Aug. 5 that AMOS is being advertised through Google Ads, disguised as legitimate programs like Loom, Figma, and Callzy.
The AMOS malware has been circulating since April 2023. It is sold as a subscription service for $1,000 per month and targets over 50 different wallets, including MetaMask, Coinbase, and Atomic.
Now Ledger
Its latest upgrade allows it to clone Ledger Live, a widely used hardware wallet app. This poses a particular risk, as the malware can trick users into sending their funds to attackers through deceptive displays.
Moonlock warns that the AMOS malware may eventually clone other wallet apps like MetaMask and Trust Wallet, further expanding its threat.
Because AMOS is distributed via Google Ads, users are urged to exercise caution when downloading software from ad-based links.