If you bought a Mac at some point because you thought it would be more secure than a Windows device, you certainly had a lot of company in that thinking.

All that company isn’t going to help you, though, if you fall prey to threats like the Atomic macOS Stealer, also known as AMOS.

Researchers have recently noticed a distribution campaign targeting users of the OpenClaw IA agent framework. Whereas these campaigns used to depend on malicious software or bogus advertising outreaches, they’re now getting in by weaponizing agentic AI.

Essentially, they upload hundreds of malicious “skills” to repositories like ClawHub and SkillsMP, which prompt the AI agents to download fake interface tools that trick users into entering their administrative password.

Now the malware can get into pretty much everything. It’s a very Mac-specific attack.

It’s all about the attackers understanding how the AI agent “learns,” and “teaching” it behaviors that get the AI agent to do the bidding of the attackers. At the core of this attack strategy is convincing the AI agent to read and comprehend content it never should have trusted in the first place.

So what can you do?

• The first step is to treat AI agent repositories as high-risk, and audit the use of agentic AI tools on company devices to ensure they are only used on sanctioned, vetted frameworks.

• Second, make sure developers and researchers who are using experimental AI agents are using them on machines that cannot connect back to the main network. That way if anything malicious turns up, it’s isolated and can’t infect the rest of your system. These are known as sandbox environments.

• Third, teach your people not to trust requests for administrative passwords, especially to facilitate tasks that are supposed to be automated. Legitimate AI agents don’t make such requests.

• You can also monitor and block outbound traffic to known AMOS command and control infrastructure. And if you emphasize the use of hardware-based security keys instead of disk-stored secrets, you’ll deny the attacker an easy way to access corporate resources because he will not be able to get past the physical hardware requirement.

If you need help setting all this up, we know exactly what to do. Reach out to dacarey@cybersynergies.io or call 616.600.4018.