What’s new: A new infostealer malware named ‘Shamos’ is targeting Mac devices through ClickFix attacks, which impersonate troubleshooting guides. Developed by the cybercriminal group “COOKIE SPIDER,” Shamos is a variant of the Atomic macOS Stealer (AMOS) and is designed to steal sensitive data from web browsers, Keychain items, Apple Notes, and cryptocurrency wallets. The malware has attempted infections in over 300 environments since June 2025.
Who’s affected
Mac users who are misled by malvertising or fake GitHub repositories into executing shell commands in the macOS Terminal are at risk. The malware exploits users seeking help for common macOS issues.
What to do
- Do not execute commands found online unless you fully understand their function.
- Avoid sponsored search results for troubleshooting; instead, seek assistance from the Apple Community forums or the built-in Help feature.
- Educate users about ClickFix attacks and the risks of downloading software from unverified sources.
