Shamos, new malware that target Mac users to steal our crypto credentials

[fullfitlarry]

There is a new infostealer malware in the wild that target Mac devices. So if you are using Mac just like me, you need to read this kind of attacks. Researcher called it Shamos, which is another variant of the Atomic macOS Stealer (AMOS).

The victims are being lured by the cyber criminals into malvertising or fake GitHub repositories that utilize ClickFix. They are under the guise of installing a fix problems or your Mac or update a software.



And this is how it looks like if you go and search it on the Big G



And this is how they steal from our machine;

1. searches for sensitive files like crypto wallets and other personal information.
2. package it into a zip file
3. and submit it to the attackers command and control

This are the following websites that are compromise:

Code:

 mac-safer[.]com
rescue-mac[.]com
https[:]//github[.]com/jeryrymoore/Iterm2 

https://www.crowdstrike.com/en-us/blog/falcon-prevents-cookie-spider-shamos-delivery-macos/

So again, this is a lesson not to download from unknown sources. Although from time to time, I will search for something if I have a problem on my Mac specially if I'm desperate to solve my issues. But it's obvious not a good strategy as I can potentially downloaded his malware. So everyone should be self-aware.

[Porfirii]

Thank you for warning us of this danger with this pertinent news. Although Mac users should always download their applications from the App Store, as it's the safest way, we sometimes don't find what we're looking for and we end up landing on developers' websites or in repositories of dubious reliability.

I was planning to download a junk manager/remover like I had to do several years ago. Not the kind of application you're warning us about, precisely, but after your reminder I'll take special care this time with what I download and where I download it from.

[albon]

I agree with what one of the experts mentioned in this article, who pointed out that the easiest way to compromise a device is through the user himself..  I completely agree with this, as if the user is redirected to fake websites through these malicious ads, then by simply refraining from executing any commands in the Terminal, enabling ad filters, and using security tools,, they would not fall victim to Shamos... This is indeed a smart attack that relies on exploiting people’s fear of technical problems which can easily lead them into the trap through search engines and these widespread malicious ads .

This is an important warning for beginners and Mac users.. Although macOS provides strong protection, it is still vulnerable to infection by malicious software, which makes caution necessary.

[sunsilk]

This is why I never trust any single sponsored ads that comes out of google after a few search that I do. Despite that it's not telling in the description about its whole relation to cryptocurrencies.

These malware creators are wise enough to use other tools that people are looking for for free and that's how they attack and install the malware that they develop.

Thanks OP about this, I rarely use mac but my relatives has got it and maybe with their explorative minds, they might encounter such mac related tools and scam ads.

[Rustam Meraj]

I agree with what one of the experts mentioned in this article, who pointed out that the easiest way to compromise a device is through the user himself..  I completely agree with this, as if the user is redirected to fake websites through these malicious ads, then by simply refraining from executing any commands in the Terminal, enabling ad filters, and using security tools,, they would not fall victim to Shamos... This is indeed a smart attack that relies on exploiting people’s fear of technical problems which can easily lead them into the trap through search engines and these widespread malicious ads .

This is an important warning for beginners and Mac users.. Although macOS provides strong protection, it is still vulnerable to infection by malicious software, which makes caution necessary.

Users are mostly weakest link in device security. Hackers usually do not break through system code. Instead of this they trick people into making mistakes mostly by using fake websites and bad ads that play on their fears about computer problems. Even on secure system like macOS it is important for users to be careful. If anyone wants to stay safe so he/s should avoid typing unknown commands into computer Terminal and use ad blockers and always be cautious about clicking online.

[cryptoaddictchie]

Good reminder here OP! Shamos shows how attackers exploit urgency with fake GitHub repos and malvertising. It goes straight for wallets and sensitive files, so even one careless download can be costly. The safest move is to be patience and stick to official updates, trusted sources, and stay skeptical. I rarely download unwanted files cause everything out there is suspicious until proven safe otherwise.

[Porfirii]

This is why I never trust any single sponsored ads that comes out of google after a few search that I do. Despite that it's not telling in the description about its whole relation to cryptocurrencies.

-snip-

Yeah, me neither: It's as if by pure intuition we automatically avoid clicking on those first results at the top of the page. And one could say that everybody does the same, because it is so obvious! but you only need to be attentive to a gesture as simple as accepting cookies instead of rejecting them to notice that many people don't act rationally.

And there is also the chance to find this result in your search not in the sponsored ads, but below, so yes, we must always keep cautious.

[Aanuoluwatofunmi]

There is a new infostealer malware in the wild that target Mac devices. So if you are using Mac just like me, you need to read this kind of attacks. Researcher called it Shamos, which is another variant of the Atomic macOS Stealer (AMOS).

The victims are being lured by the cyber criminals into malvertising or fake GitHub repositories that utilize ClickFix. They are under the guise of installing a fix problems or your Mac or update a software.

No matter the device we are using, we can't be free from scam because they are everywhere trying to get on their prey, this why it is also important that we must learn to know what to do when it comes to security measures in cryptocurrency, the introduction of malware attacks can come unexpected by us because most of it's victims don't even know that they have such, until such begin to manifest on their device, they exist on windows, Mac and other brands, same also we have attacks of same manner targeting our browsers.

[adultcrypto]

This is a good read Op, I like how you detailed this one with clue on how to avoid being a victim. I think there is a growing increase in attempt to spread different forms of virus specifically targeting iOS because I have seen a lot of post both here and other places about new attackers in that direction. Sometimes I get scared because of these new developments and due to the confusion of not knowing what to do sometimes because they are just too many one have to avoid. I agree with some people who supported the idea of not keeping all portfolio in one wallet and in one device.

[BeavStu]

Thanks for sharing. What is the best way to search your device to make sure you have no malware downloaded?

[sunsilk]

This is why I never trust any single sponsored ads that comes out of google after a few search that I do. Despite that it's not telling in the description about its whole relation to cryptocurrencies.

-snip-

Yeah, me neither: It's as if by pure intuition we automatically avoid clicking on those first results at the top of the page. And one could say that everybody does the same, because it is so obvious! but you only need to be attentive to a gesture as simple as accepting cookies instead of rejecting them to notice that many people don't act rationally.

And there is also the chance to find this result in your search not in the sponsored ads, but below, so yes, we must always keep cautious.

Those who are not fond of it might get to click those still and get baited by these sponsored ads.

Google needs to clean this but I wonder if they really do when it's all about the money that they're getting paid for by these scammers.

If no reports have been made, there won't be any action from them and so if we've got a chance to report their ads, we should help it voluntarily.

[Yaunfitda]

Thanks for sharing. What is the best way to search your device to make sure you have no malware downloaded?

You definitely need to have anti-virus in your laptop, at least a good one and updated so that they will able to caught this malware. Although criminals are always one step ahead, so you also have to be self-aware of their attack vector. Maybe you need to observe that your hardware is somewhat slowing down and acting strange. So that could also be a sign that some malware or virus might have infected your pc already. It's not that 100% though, you still need to just observed and not to click on anything or update your software from unknown source so that the chances are slim that your pc will get any kind of virus or malware or even crypto miner.

[ThemePen]

You definitely need to have anti-virus in your laptop, at least a good one and updated so that they will able to caught this malware. Although criminals are always one step ahead, so you also have to be self-aware of their attack vector. Maybe you need to observe that your hardware is somewhat slowing down and acting strange. So that could also be a sign that some malware or virus might have infected your pc already. It's not that 100% though, you still need to just observed and not to click on anything or update your software from unknown source so that the chances are slim that your pc will get any kind of virus or malware or even crypto miner.

Yes to stay safe online we need to use good updated antivirus program which acts as our first line of defense against harmful software. And we all know very well that no single program can protect us completely. It is also crucial to be smart and careful ourself. For example if our computer starts acting strangely or slowing down it could be sign of problem. Most important thing we can do is to avoid clicking on unknown links or downloading software from untrusted websites as this is how most infections happen. With combining good software with smart habits you can greatly reduce risk of virus or malware attack.

[Patikno]

So again, this is a lesson not to download from unknown sources. Although from time to time, I will search for something if I have a problem on my Mac specially if I'm desperate to solve my issues. But it's obvious not a good strategy as I can potentially downloaded his malware. So everyone should be self-aware.

Most cyberattacks occur due to negligence, in which individuals inadvertently grant access to attackers. I believe attackers are unable to launch a full-scale attack and typically use some form of bait to lure potential victims. So, essentially, we must be careful about what we do, especially regarding our computer activities. Once we grant access, it is over.

Furthermore, there are also cases of carelessness, such as disabling their antivirus software and rarely updating their software, this also leaves them vulnerable to attacks, and this happened to a friend of mine who felt safe doing such things. I knew about it after he asked for help and then I attempted a series of complete wipes of his drive partitions and did some backups securely. Therefore, whatever we do, we should not be reckless, do not be easily tempted by tricks, often check or verify the files that will be downloaded or even those that are already on our computer, because they may have been infected by viruses, and the most important thing is to never turn off the security on the computer, including antivirus security, security on the computer system (any OS), and also the security on the browser we use, because several times I often find dangerous files that have been successfully scanned by the browser I use.

[promise444c5]

..It's as if by pure intuition we automatically avoid clicking on those first results at the top of the page. And one could say that everybody does the same, because it is so obvious! but you only need to be attentive to a gesture as simple as accepting cookies instead of rejecting them to notice that many people don't act rationally.

If the owner still want to do anything shady then Rejecting cookies wont work..that’s if such site does have it in the first place , they likely would put “ Manage cookies” instead of adding the “Reject cookies” making it even harder for users to fully opt-out... so judging people  using that doesn’t seem too fair either..

Those who are not fond of it might get to click those still and get baited by these sponsored ads.

Sometimes it’s not a matter of being fond of it or not , it could just happen unknowingly  even when you’re been careful. I got tricked too recently to the extent I didn’t know it was a sponsor ad. until I posted it here then I get to notice it was likely an ad. We just have to verify more and more before proceeding with a lot of stuffs these days.

[Davidvictorson]

cyber criminals are geniuses. I think that sometimes they just get bored and create stuff. And though it is very bad stuff, I don't want to believe that they are not the ones who operate these malware. I want to think that these cyber criminals already have more than enough money and they are not interested in creating a malware to steal crypto for their own profit but to sell to the highest bidder at the black market. Then they go and upgrade it and sell again once that one has been exposed and dis bounded. That's why we see more of them being reported on the forum for everyone to avoid.

[ultrloa]

cyber criminals are geniuses. I think that sometimes they just get bored and create stuff. And though it is very bad stuff, I don't want to believe that they are not the ones who operate these malware. I want to think that these cyber criminals already have more than enough money and they are not interested in creating a malware to steal crypto for their own profit but to sell to the highest bidder at the black market. Then they go and upgrade it and sell again once that one has been exposed and dis bounded. That's why we see more of them being reported on the forum for everyone to avoid.

Those what you have said is really happening.

See this link below.

https://www.secalliance.com/blog/market-malware-buying-selling-collaborating-criminal-underground and https://cybersecuritynews.com/hackers-selling-malware-on-dark-web/

So its not surprising to see if there's lots of new malware pops out because there are criminals selling their creation to another criminals want to spread to take advantage on someone people innocence.

That's why it will be good that early stage people will be more aware of this existence so that they won't download those questionable but interesting things they see online.