New Apple Passwords Attack Confirmed — What You Need To Know
Although it is far more commonplace to read about password attacks against users of the Windows operating system, or targeting services such as Gmail, the truth of the matter is that nobody is safe from the credential-theft threat as this newly confirmed Apple password-stealing attack illustrates. Here's what you need to know about the AMOS campaign targeting macOS users.
The latest adversary intelligence report from Koushik Pal, a threat researcher at CloudSEK, has warned users that a newly identified Atomic macOS stealer campaign utilizing a previously unknown variant has been observed targeting the Apple operating system.
Although this latest and ongoing threat leverages well-known existing tactics and techniques, such as the Clickfix fake CAPTCHA screen and multi-platform social engineering, the danger it poses to macOS users remains high nonetheless.
Better known as AMOS, this latest variant of the Atomic macOS Stealer has been observed using Clickfix attack sites that impersonate a U.S. support services company within the cable TV, internet provision, mobile phone, and managed services sectors. The brand impersonation in this case is made possible by way of typo-squatting domains that appear similar to the genuine article.
'The macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation,' Pal warned. This script then uses native macOS commands to 'harvest credentials, bypass security mechanisms, and execute malicious binaries.' This is, to be fair, as significant a threat to your Apple passwords as you are going to get.
Targeting both consumer and corporate users, and highlighting a trend in such multi-platform social engineering attacks, Pal said that source code comments suggested that Russian-speaking cybercriminals are behind the new AMOS threat campaign.
The AMOS malware utilises legitimate utilities to circumvent endpoint security controls and extract macOS user passwords, which can then be used for lateral movement or sold to initial access brokers for use in other cybercriminal campaigns, including ransomware attacks.
Users should be educated about the tactics used by such Apple passwords-stealing campaigns, Pal recommended by way of mitigation, 'especially those disguised as system verification prompts.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Android Authority
16 minutes ago
- Android Authority
Got a weird security text from T-Mobile? It's genuine, but you're right to worry
Edgar Cervantes / Android Authority TL;DR T-Mobile is sending users an SMS asking them to update their PIN, email, and security questions. Subscribers are rightly worried about the legitimacy of the text that includes a clickable link. While the text is very much from T-Mobile, it's making users uneasy thanks to text scams that have become so common these days. Many T-Mobile customers are reporting that they've received a text message asking them to update their PIN, email, and security questions in order 'to keep your account safe.' The message includes a clickable link that appears to be an official T-Mobile address, but users are worried about tapping it. While the link is actually genuine, we checked, and it directs to a real T-Mobile domain, the SMS alert has made users uneasy thanks to text scams that have become so common these days. Phishing attempts that mimic official company messages are rampant, and they often use the same urgent tone and clickable links to lure victims. It would be better if companies stopped sending out such SMS alerts encouraging users to click on links they can't easily trust. For many, this message ticks all the usual 'scam' boxes. Reddit 'Companies: beware of unsolicited texts that look suspicious. Companies: Sends unsolicited texts that look suspicious,' a user wrote on Reddit. 'This is legit? I clicked the link, assuming it was, although I didn't put any login information to the page it took me to. Waiting for a call back from T-Mobile to see if the message was real or if all my information just got leaked. Changed my bank password already just incase, wrote another skeptical user. Don't want to miss the best from Android Authority? Set us as a preferred source in Google Search to support us and make sure you never miss our latest exclusive reports, expert analysis, and much more. The confusion is understandable. Security experts have long warned that scam texts are sometimes indistinguishable from legitimate-looking texts officially sent by companies. If you have received the above message from T-Mobile but don't want to click on the link, there's a safer way to take the same actions that the message recommends. Just log in directly to your T-Mobile account through the official website or use the T-Life app to make the recommended security changes to your account. This way, you can update your account details without ever touching the link, even though it is legitimate. Follow
TechCrunch
16 minutes ago
- TechCrunch
ChatGPT's model picker is back, and it's complicated
When OpenAI launched GPT-5 last week, the company said the model would simplify the ChatGPT experience. OpenAI hoped GPT-5 would act as a sort of 'one size fits all' AI model with a router that would automatically decide how to best answer user questions. The company said this unified approach would eradicate the need for users to navigate its model picker — a long, complicated list of AI models that OpenAI CEO Sam Altman has said he hates — to pick a version of ChatGPT that offers the right kind of responses. But it looks like GPT-5 is not the unified AI model OpenAI hoped it would be. Altman said in a post on X Tuesday that the company introduced new 'Auto', 'Fast', and 'Thinking' settings for GPT-5 that all ChatGPT users can select from the model picker. The Auto setting seems to work like GPT-5's model router that OpenAI initially announced; however, the company is also giving users options to circumnavigate it, allowing them to access fast and slow responding AI models directly. Updates to ChatGPT: You can now choose between 'Auto', 'Fast', and 'Thinking' for GPT-5. Most users will want Auto, but the additional control will be useful for some people. Rate limits are now 3,000 messages/week with GPT-5 Thinking, and then extra capacity on GPT-5 Thinking… — Sam Altman (@sama) August 13, 2025 Alongside GPT-5's new modes, Altman said that paid users can once again access several legacy AI models — including GPT-4o, GPT-4.1, and o3 — which were deprecated just last week. 'We are working on an update to GPT-5's personality which should feel warmer than the current personality but not as annoying (to most users) as GPT-4o,' Altman wrote in the post on X. 'However, one learning for us from the past few days is we really just need to get to a world with more per-user customization of model personality.' ChatGPT's model picker now seems to be as complicated as ever, suggesting that GPT-5's model router has not universally satisfied users as the company hoped. The expectations for GPT-5 were sky high, with many hoping that OpenAI would push the limits of AI models like it had with the launch of GPT-4. However, GPT-5's rollout has been rougher than expected. The deprecation of GPT-4o and other AI models in ChatGPT sparked a backlash among users who had grown attached to the AI models' responses and personalities in ways that OpenAI had not anticipated. In the future, Altman says the company will give users plenty of advance notice if it ever deprecates GPT-4o. Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital, Elad Gil — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $600+ before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | REGISTER NOW GPT-5's model router also appeared to be largely broken on launch day. That caused some users to feel the AI model wasn't as performant as previous OpenAI models, and forced Altman to address the problem in an AMA session on Reddit. However, it seems that GPT-5's router may still not be satisfying for all users. 'We're not always going to get everything on try #1 but I am very proud of how quickly the team can iterate,' wrote OpenAI's VP of ChatGPT, Nick Turley, in a post on X Tuesday. Routing prompts to the right AI model is a difficult task that requires aligning an AI model to a user's preferences, as well as the specific question they're asking. The router then has to make a decision on which AI model to send the prompt to in just a split second — that way, if a prompt goes to a fast responding AI model, the response can still be fast. More broadly, some people exhibit preferences for AI models that go beyond fast or slow responses. Some users may like the verbosity of one AI model, while others might appreciate the contrarian answers of another. Human attachment to certain AI models is a relatively new concept that isn't well understood. For example, hundreds of people in San Francisco recently held a funeral for Anthropic's AI model, Claude 3.5 Sonnet, when it was taken offline. In other cases, AI chatbots seem to be contributing to mentally unstable people going down psychotic rabbit holes. It seems OpenAI has more work to do around aligning its AI models to individual user preferences.
Wall Street Journal
17 minutes ago
- Wall Street Journal
China's Lead in Open-Source AI Jolts Washington and Silicon Valley
China's ambition to turn its open-source artificial-intelligence models into a global standard has jolted American companies and policymakers, who fear U.S. models could be eclipsed and are mobilizing their responses to the threat. Chinese advances in AI have come one after another this year, starting with the widely heralded DeepSeek and its R1 reasoning model in January. This was followed by Alibaba's 9988 3.34%increase; green up pointing triangle Qwen and a flurry of others since July, with names such as Moonshot, and MiniMax.
