Amos Stealer Update Targets Cryptocurrency

Security researchers from MoonLock discovered a new wave of malicious activity attributed to AMOS, also known as Atomic Stealer. The attackers, believed to be connected to the hacker group Crazy Evil, are spreading the malware through fake advertising campaigns on Google Ads, disguising it as Loom, a popular macOS screen-recording application.

The real Loom website (left) and the fake one (right)

Investigations have revealed that cybercriminals are crafting counterfeit websites that closely resemble the official Loom website. Unsuspecting users clicking on these advertisements are redirected to these fraudulent sites, where they unwittingly download the updated version of Amos Stealer. This malicious software is capable of stealing data from browsers, accounts, passwords, and even draining cryptocurrency wallets.

The new variant of Amos Stealer comes equipped with unique features, such as the ability to replace the legitimate Ledger Live application with a malicious replica. Ledger Live is a platform that lets users manage cryptocurrencies, NFTs, and DeFi (decentralized finance), which uses blockchain-based systems such as smart contracts to provide financial services without relying on traditional financial entities like banks or exchanges.
