Cybercriminals deploy Shamos malware through fake Mac repair sites

close Video

NEW You can now listen to Fox News articles!

A dangerous new malware campaign is targeting Mac users worldwide. Security researchers at CrowdStrike uncovered Shamos, a new variant of the Atomic macOS Stealer (AMOS), developed by a cybercriminal group called COOKIE SPIDER.

The attack relies on ClickFix tactics, where victims searching for Mac troubleshooting help are lured to fake websites or GitHub repositories. These spoofed sites trick users into copying and pasting a one-line command in Terminal, supposedly to fix an error. Instead, the command silently downloads Shamos, bypasses macOS Gatekeeper protections, and installs the malware.

Once inside, Shamos searches for sensitive data, Apple Notes, Keychain items, browser passwords, and even cryptocurrency wallets.