Cybersecurity researchers at Huntress have uncovered a sophisticated malware campaign that weaponizes trust in artificial intelligence platforms to distribute the AMOS Stealer, a credential-harvesting Trojan specifically targeting macOS users with cryptocurrency holdings. The campaign, detailed in a December 9, 2025 report, reveals how threat actors are poisoning AI-generated search results and leveraging the growing reliance on tools like ChatGPT and Grok to distribute malware that drains digital wallets.
The Exploit Mechanics
The AMOS Stealer campaign operates through a multi-layered social engineering chain that begins with AI poisoning. Threat actors manipulate search engine optimization and AI-generated responses to surface malicious links when users search for popular software downloads, trading tools, or crypto-related applications. When a macOS user clicks the poisoned link, they are directed to a convincing landing page that mimics a legitimate software installer.
Once the victim downloads and executes the malicious DMG file, AMOS Stealer deploys its payload with alarming speed. The malware operates with root-level privileges on compromised systems, scanning for over 50 different cryptocurrency wallet extensions and applications. It targets browser-based wallets including MetaMask, Phantom, Coinbase Wallet, and Trust Wallet, as well as desktop applications like Electrum and Ledger Live. The stealer extracts private keys, seed phrases, and stored credentials before the user realizes anything is wrong.
What makes this campaign particularly dangerous is its abuse of AI platform credibility. Users who have grown accustomed to trusting AI-generated recommendations are less likely to scrutinize the links provided. The malware operators exploit this behavioral shift, embedding their malicious payloads within seemingly authoritative AI responses that reference popular cryptocurrency tools.
Affected Systems
The campaign primarily targets macOS systems running recent versions of the operating system, taking advantage of the platform’s reputation for security to lower user defenses. Cryptocurrency users on macOS are especially vulnerable because many rely on browser-based wallet extensions for daily transactions, with Bitcoin trading at $92,691 and Ethereum at $3,321 according to CoinMarketCap data from December 9, 2025.
The malware specifically scans for credentials and session tokens across Chrome, Safari, and Firefox browsers. It harvests cookies that maintain authenticated sessions on centralized exchanges including Binance, Coinbase, and Kraken. With stolen session tokens, attackers can bypass two-factor authentication on some platforms, gaining full access to trading accounts and linked bank accounts.
Additionally, AMOS Stealer targets system keychain data on macOS, extracting stored passwords and certificates that may provide access to email accounts, cloud storage, and other sensitive services connected to cryptocurrency operations.
The Mitigation Strategy
Huntress recommends a multi-pronged approach to defend against AMOS Stealer and similar AI-poisoning campaigns. First, organizations and individual users should implement endpoint detection and response solutions capable of identifying the behavioral patterns associated with credential-stealing malware, even when the payload is obfuscated or previously unseen.
Second, browser hardening is essential. Users should disable automatic extension installation, review installed extensions regularly, and use hardware wallets for storing significant cryptocurrency holdings. The gap between online convenience and security remains the primary attack surface for campaigns like AMOS.
Third, security teams should monitor for the specific indicators of compromise associated with AMOS Stealer, including unusual DNS requests to known command-and-control infrastructure, unexpected network connections during off-hours, and rapid file system access patterns that indicate credential harvesting.
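The three recommendations above can be turned into a concrete detection rule. The following is an added example, not code from Huntress or the report: it runs over constructed endpoint telemetry (file-open and outbound-connection events, one per line) and flags a process that reads several distinct credential stores within a short window and then connects out during off-hours. The path patterns are the real macOS locations of Chrome extension storage, browser cookie databases, the login keychain and Electrum/Ledger Live wallets; the category names, the sample process names, the extension-ID placeholders and the IP addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Credential stores an AMOS-style stealer reads; category groupings are assumed.
SENSITIVE = {
    "browser_extension": re.compile(r"/Local Extension Settings/"),
    "browser_cookies": re.compile(r"/(Cookies|cookies\.sqlite)$"),
    "keychain": re.compile(r"/Library/Keychains/"),
    "desktop_wallet": re.compile(r"/(\.electrum|Ledger Live)/"),
}
LINE = re.compile(r"^(\S+) (\d+) (.+?) (file_open|net_connect) (.+)$")
# Constructed telemetry: "<time> <pid> <process> <event> <target>"; IDs/IPs are placeholders.
SAMPLE_EVENTS = """\
2025-12-09T02:13:05 4411 Installer.app file_open /Users/u/Library/Application Support/Google/Chrome/Default/Local Extension Settings/EXT_ID_1
2025-12-09T02:13:06 4411 Installer.app file_open /Users/u/.electrum/wallets/default_wallet
2025-12-09T02:13:06 4411 Installer.app file_open /Users/u/Library/Keychains/login.keychain-db
2025-12-09T02:13:07 4411 Installer.app file_open /Users/u/Library/Application Support/Google/Chrome/Default/Cookies
2025-12-09T02:13:09 4411 Installer.app net_connect 203.0.113.45:443
2025-12-09T14:20:00 812 Google Chrome file_open /Users/u/Library/Application Support/Google/Chrome/Default/Cookies
2025-12-09T14:20:30 812 Google Chrome net_connect 198.51.100.7:443
"""

def detect(events_text, min_categories=3, window_s=10, off_hours=range(0, 6)):
    # Group parsed events by (pid, process name) so rules are evaluated per process.
    by_proc = defaultdict(list)
    for raw in events_text.splitlines():
        if m := LINE.match(raw):
            ts, pid, proc, event, target = m.groups()
            by_proc[(int(pid), proc)].append((datetime.fromisoformat(ts), event, target))
    alerts = []
    for (pid, proc), evs in sorted(by_proc.items()):
        evs.sort()
        hits = [(t, cat) for t, ev, tgt in evs if ev == "file_open"
                for cat, rx in SENSITIVE.items() if rx.search(tgt)]
        reasons = []
        # Rule 1: several distinct credential stores read within a short window.
        for i, (t0, _) in enumerate(hits):
            cats = {c for t, c in hits[i:] if (t - t0).total_seconds() <= window_s}
            if len(cats) >= min_categories:
                reasons.append(f"read {len(cats)} credential stores within {window_s}s")
                break
        # Rule 2: the same process then opens an outbound connection during off-hours.
        if hits:
            for t, ev, tgt in evs:
                if ev == "net_connect" and t.hour in off_hours:
                    reasons.append(f"off-hours connection to {tgt}")
                    break
        if reasons:
            alerts.append({"pid": pid, "process": proc, "reasons": reasons})
    return alerts
```

The browser process in the sample reads only its own cookie database during working hours and is not flagged; the installer that sweeps four stores within two seconds and then connects out at 02:13 is.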
Lessons Learned
The AMOS Stealer campaign underscores a fundamental shift in the threat landscape. As AI platforms become primary information sources, they also become high-value targets for manipulation. The crypto community, which has always operated at the intersection of technology and trust, faces an amplified risk because AI poisoning can scale social engineering attacks far beyond what individual phishing campaigns could achieve.
The convergence of AI trust exploitation and cryptocurrency theft represents a new chapter in digital asset security. With Bitcoin commanding a market cap exceeding $1.85 trillion and the total crypto market valued at over $3.3 trillion as of December 2025, the financial incentive for attackers will only grow. Security awareness must evolve beyond traditional phishing detection to include critical evaluation of AI-generated recommendations and automated information sources.
User Action Required
If you use macOS for cryptocurrency activities, take immediate steps to protect your assets. Verify all software downloads through official developer websites rather than following links from AI-generated responses. Enable hardware wallet usage for any holdings exceeding what you can afford to lose. Run a reputable endpoint security solution on your Mac, and audit your browser extensions for any unrecognized additions. Finally, review your exchange accounts for unauthorized session tokens and force-logout all devices as a precaution.
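For the extension audit step above, here is an added example (not code from the article or from Huntress) that inventories the extensions installed in a Chrome profile on macOS and reports any whose ID is not on an allowlist you maintain. It reads each extension's manifest.json under the profile's Extensions directory and resolves localized "__MSG_key__" names from the extension's _locales files; the profile path is Chrome's default on macOS, and the allowlist placeholder is an assumption you replace with the IDs you installed yourself.

```python
import json
import os
import re

# Chrome's default profile on macOS; other profiles live beside "Default".
CHROME_PROFILE = os.path.expanduser("~/Library/Application Support/Google/Chrome/Default")

def _display_name(ext_dir, manifest):
    # Manifest names like "__MSG_appName__" are looked up in the default-locale messages.
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    path = os.path.join(ext_dir, "_locales", locale, "messages.json")
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh).get(m.group(1), {}).get("message", name)
    except (OSError, ValueError):
        return name

def audit_extensions(profile_dir, allowlist):
    # Return every installed extension (id, version, name, permissions) not in allowlist.
    unexpected = []
    root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(root):
        return unexpected
    for ext_id in sorted(os.listdir(root)):
        id_dir = os.path.join(root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            ext_dir = os.path.join(id_dir, version)
            manifest_path = os.path.join(ext_dir, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            with open(manifest_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
            if ext_id not in allowlist:
                unexpected.append({"id": ext_id, "version": manifest.get("version", version),
                                   "name": _display_name(ext_dir, manifest),
                                   "permissions": manifest.get("permissions", [])})
    return unexpected

if __name__ == "__main__":
    # Constructed placeholder allowlist; put your own known extension IDs here.
    for ext in audit_extensions(CHROME_PROFILE, allowlist={"PLACEHOLDER_KNOWN_ID"}):
        print(f"{ext['id']} {ext['version']} {ext['name']!r} permissions={ext['permissions']}")
```

Anything the script lists should be compared against what you remember installing; an unfamiliar entry with cookie or broad host permissions is worth removing before you rotate exchange sessions.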
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always consult with qualified cybersecurity professionals for personalized guidance.
poisoning AI search results to distribute AMOS stealer is next level social engineering. chatgpt links are the new phishing emails
if you download a random trading tool from a chatgpt link you kinda deserve it tbh. dyor applies to software too
chatgpt links being the new phishing is spot on. people literally click anything with an AI logo on it without a second thought
chatgpt links in search results are the new email attachment. people trust AI outputs way more than they should and threat actors know it
chatgpt SEO poisoning is underrated as an attack vector. people literally trust AI generated search results without verification. scary times
Root-level privileges on macOS from a single DMG click. Apple needs to tighten Gatekeeper validation for crypto-related software.
gatekeeper has been a speed bump at best for years. apple notarization catches known malware but novel trojans like AMOS slip right through
gatekeeper being a speed bump at best is painfully accurate. apple notarization catches known stuff but novel malware like AMOS just walks right through
gatekeeper lets signed DMGs run without much friction. apple could require notarization for all crypto-adjacent software but that would slow down legitimate devs too