Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign

A sophisticated malvertising campaign which sought to deploy a variant of Atomic macOS Stealer (AMOS) has targeted hundreds of organizations. Between June and August 2025, the campaign saw victims diverted to fraudulent macOS help websites and encouraged them to execute a malicious one-line installation command. The aim was for victims to ultimately be infected with the SHAMOS variant of the AMOS infostealer, developed by malware-as-a-service (MaaS) group Cookie Spider. During this period, CrowdStrike said it blocked the malvertising campaign from attempting to compromise over 300 of its customer environments.

To read the complete article see: InfoSecurity Magazine

---