
Mac users beware: AMOS malware clones wallet apps and comes for your crypto

News Feed - 2024-08-23 10:08:56

Christopher Roark

The AMOS stealer targeting Mac users can now clone Ledger Live software and may soon clone other wallet apps, warns cybersecurity firm Moonlock.

Malware program “Atomic MacOS,” or “AMOS,” now has a new capability that allows it to clone wallet apps and steal cryptocurrency from users.


According to an Aug. 5 report from cybersecurity firm Moonlock Lab, the program is experiencing a resurgence, with the firm spotting it being advertised through Google AdSense. In the advertisements, it masqueraded as popular MacOS programs, including screen sharing app Loom, user interface design tool Figma, VPN Tunnelblick, and instant messaging app Callzy. None of the developers of these apps authorized the fake AMOS malware versions.


Moonlock researchers discovered the malware when they ran across a version that pretended to be Loom. When they clicked the advertisement, it redirected them to smokecoffeeshop.com, which then redirected them again to a fake version of the Loom website. 


The fake version looked exactly like the real one. However, when a user clicked the “Get Loom for free” button, instead of downloading the legitimate Loom program, it downloaded “a complex version of the AMOS stealer.”

[Image: Comparison between real (left) and fake (right) version of Loom website. Source: Moonlock Lab]


AMOS is not a new program. Cybersecurity firm Cyble reported its existence as early as April 2023. According to Cyble, the program was being sold to cybercriminals on Telegram as a subscription service for $1,000 per month.  


At the time, it was capable of targeting over 50 different crypto wallets, including Electrum, MetaMask, Coinbase, Binance, Exodus, Atomic, Coinomi and others. When the program found any of these wallets on a user’s computer, it stole the wallet’s data, Cyble claimed, implying that the user’s encrypted keyvault file was likely snatched by AMOS.

[Image: AMOS targeting crypto wallets. Source: Cyble Research and Intelligence Labs]


If a keyvault file is stolen, the attacker can drain the user’s wallet, especially if the victim used a weak password when they first created their wallet account.


Moonlock claimed that the software has now apparently been upgraded, as it found a version that “has a novel capability.” AMOS can now “replace a specific crypto wallet app with a clone and easily wipe out victims’ e-wallets.” 


Specifically, it can clone the Ledger Live software used by Ledger hardware wallet owners. Moonlock emphasized that this capability “has never been reported in a version of AMOS before and represents a significant leap forward” for the malicious program.


Ledger devices store their private keys on hardware devices, out of the reach of malware installed on a PC, and users have to confirm each transaction on the device. This makes it difficult for malware to steal crypto from Ledger users. However, the attacker’s intention in cloning Ledger Live may be to display deceptive information on the user’s screen, causing them to mistakenly send their crypto to the attacker. 




Even more troubling than the ability to clone Ledger Live, the report notes that future versions of the software may be able to clone other apps. This could potentially include software wallets like MetaMask and Trust Wallet. “If this new version of AMOS can replace Ledger Live with a fake malicious clone,” Moonlock suggested, “it could do the same with other apps.”


Software wallets display all their information directly on the PC monitor, making deceptive displays even more dangerous.
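A defender-side check for the app replacement described above, added here as an example and not taken from the Moonlock report: compare the code-signing Team ID of an installed wallet app against the one the vendor publishes. It assumes a swapped-in clone would not carry the vendor's Developer ID (the article does not say how the clone is signed); `ABCDE12345`, `Example Wallet` and the sample reports are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag a wallet app whose signing identity is not the vendor's.
# Constructed sample `codesign -dv` reports (placeholder vendor and Team ID).
SAMPLE_SIGNED='Executable=/Applications/Example Wallet.app/Contents/MacOS/Example Wallet
Identifier=com.example.wallet
Authority=Developer ID Application: Example Vendor (ABCDE12345)
TeamIdentifier=ABCDE12345'
SAMPLE_ADHOC='Executable=/Applications/Example Wallet.app/Contents/MacOS/Example Wallet
Identifier=com.example.wallet
Signature=adhoc
TeamIdentifier=not set'

# Read a `codesign -dv` report on stdin and print its TeamIdentifier value.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Read a report on stdin, compare with the expected Team ID ($1).
# Prints a verdict and returns 0 only when the IDs match.
verdict_for_report() {
    expected="$1"
    actual="$(team_id_from_codesign)"
    if [ -z "$actual" ] || [ "$actual" = "not set" ]; then
        echo "UNSIGNED_OR_ADHOC"; return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "MATCH"; return 0
    fi
    echo "MISMATCH:$actual"; return 1
}

# macOS only: check the bundle seal first, then the signer identity.
# codesign writes the -dv report to stderr, hence 2>&1.
check_app() {
    app="$1"; expected="$2"
    codesign --verify --deep --strict "$app" 2>/dev/null ||
        { echo "BROKEN_SIGNATURE"; return 3; }
    codesign -dv "$app" 2>&1 | verdict_for_report "$expected"
}

# Usage: sh check.sh "/Applications/Example Wallet.app" ABCDE12345
# With no arguments, run the verdict logic on the constructed samples.
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    check_app "$1" "$2" || true
else
    printf '%s\n' "$SAMPLE_SIGNED" | verdict_for_report ABCDE12345 || true
    printf '%s\n' "$SAMPLE_ADHOC" | verdict_for_report ABCDE12345 || true
fi
```

Take the expected Team ID from the vendor's own documentation or from a copy of the app obtained from a known-good source, not from the installed bundle being checked.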


Moonlock claimed to have traced the software to developer Crazy Evil, which advertises itself on Telegram. The group allegedly posted a recruitment ad boasting of the AMOS software’s ability to clone Ledger Live.


Users who run crypto wallet software on a Mac should be aware that AMOS is specifically targeting people like them. This malware is generally distributed through Google AdSense ads, so they may want to be extremely careful when considering whether to download software from a website they found through a banner or display ad. The download may appear to be Loom, Callzy or another popular program but in fact be a copy of AMOS.




If in doubt about the authenticity of a website, typing the name of the program into a search engine and scrolling down to the organic results is sometimes an effective way of finding the official website for an app, as scammers usually don’t have the domain authority to rank at the top of organic results for an app’s name.


Google uses filters in an attempt to prevent malware programs from being advertised through its program, but they are not 100% effective.


Malware continues to be a serious threat to crypto users. On Aug. 16, cybersecurity firm Check Point Research discovered a similar “stealer” program that drained crypto through a method called “clipping.” On May 13, Kaspersky Labs discovered malware called “Durian” that was used to attack crypto exchanges.
