{"id":220767,"date":"2025-08-23T08:17:51","date_gmt":"2025-08-23T13:17:51","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/08\/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer"},"modified":"2025-08-23T08:17:51","modified_gmt":"2025-08-23T13:17:51","slug":"fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/08\/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer","title":{"rendered":"Fake Mac fixes trick users into installing new Shamos infostealer"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer.jpg\"><\/a><\/p>\n<p>A new infostealer malware targeting Mac devices, called \u2018Shamos,\u2019 is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.<\/p>\n<p>The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group \u201cCOOKIE SPIDER,\u201d and is used to steal data and credentials stored in web browsers, Keychain items, Apple Notes, and cryptocurrency wallets.<\/p>\n<p>CrowdStrike, which detected Shamos, <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/falcon-prevents-cookie-spider-shamos-delivery-macos\/\" target=\"_blank\" rel=\"nofollow noopener\">reports<\/a> that the malware has attempted infections against over three hundred environments worldwide that they monitor since June 2025.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new infostealer malware targeting Mac devices, called \u2018Shamos,\u2019 is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group \u201cCOOKIE SPIDER,\u201d and is used to steal data and credentials stored in web browsers, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34],"tags":[],"class_list":["post-220767","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/220767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=220767"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/220767\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=220767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=220767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=220767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}