
COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware


CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware (a new variant of the AMOS infostealer), stealing credentials and crypto wallets and targeting 300+ environments.

Between June and August this year, macOS users looking for solutions to routine technical issues were targeted by a campaign run by the cybercrime group COOKIE SPIDER. The attackers purchased ads that appeared as legitimate help sites, but instead of offering real fixes, these sites instructed visitors to run a one-line command in Terminal. That command delivered SHAMOS, a new variant of the AMOS infostealer, onto their systems.

For your information, the one-line installation command is a technique that cybercriminals increasingly prefer because it bypasses macOS Gatekeeper security checks, allowing the malware to install without triggering warnings. Previous malware attacks on macOS devices, especially those carried out through Cuckoo Stealer and earlier AMOS variants, used the same approach.

According to cybersecurity researchers at CrowdStrike, who ...


Copyright of this story solely belongs to hackread.com.