AMOS Stealer Attacks Claude Code Users via EvilTokens
A multi-stage attack presents significant challenges for security teams, as it deliberately fragments its compromise to evade detection. The threat obfuscates scripts and encoded payloads while abusing native macOS components. This approach creates weak, isolated signals that can significantly delay triage and escalation efforts.
For the EvilTokens threat, organizations should audit Microsoft Entra ID sign-in logs for device code authentication flows originating from unfamiliar devices or locations, implement Conditional Access policies restricting the Device Code grant type, and regularly rotate OAuth tokens for high-privilege accounts.
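One way to run the sign-in log audit described above, written as an added example rather than code from the HackersRadar article: the script takes sign-in records shaped like Microsoft Graph `signIn` objects (the `authenticationProtocol`, `location`, `deviceDetail` and `status` fields are assumed to follow that schema), builds a per-user baseline of countries and registered devices from successful interactive sign-ins, and then flags every successful device code flow that came from a country or device outside that baseline. The records are constructed sample data.

```python
"""Triage Entra ID sign-in records for device code flows from unfamiliar
places or devices.  Added example; not the article's or Microsoft's code."""
import json
from collections import defaultdict

# Constructed sample export (a few fields of Graph `signIn` objects).
# Device ID is empty when the device is not registered in Entra ID.
SAMPLE_SIGNINS = json.dumps([
    {"id": "s1", "userPrincipalName": "alice@example.com",
     "createdDateTime": "2026-03-02T09:10:00Z", "authenticationProtocol": "oAuth2",
     "location": {"countryOrRegion": "DE", "city": "Berlin"},
     "deviceDetail": {"deviceId": "dev-alice-laptop"}, "status": {"errorCode": 0}},
    {"id": "s2", "userPrincipalName": "alice@example.com",
     "createdDateTime": "2026-03-03T11:00:00Z", "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "DE", "city": "Berlin"},
     "deviceDetail": {"deviceId": "dev-alice-laptop"}, "status": {"errorCode": 0}},
    {"id": "s3", "userPrincipalName": "alice@example.com",
     "createdDateTime": "2026-03-04T02:45:00Z", "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "NG", "city": "Lagos"},
     "deviceDetail": {"deviceId": ""}, "status": {"errorCode": 0}},
    {"id": "s4", "userPrincipalName": "bob@example.com",
     "createdDateTime": "2026-03-04T03:00:00Z", "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "US", "city": "Seattle"},
     "deviceDetail": {"deviceId": ""}, "status": {"errorCode": 50126}},  # failed
    {"id": "s5", "userPrincipalName": "carol@example.com",
     "createdDateTime": "2026-03-05T07:30:00Z", "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "FR", "city": "Paris"},
     "deviceDetail": {"deviceId": ""}, "status": {"errorCode": 0}},
])


def parse_signins(raw_json):
    """Load an exported list of sign-in records."""
    return json.loads(raw_json)


def build_baseline(signins):
    """Per user: countries and registered device IDs seen on successful,
    non-device-code sign-ins.  Device code flows never feed the baseline,
    so a first phishing success cannot make later ones look normal."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set()})
    for s in signins:
        if s["status"]["errorCode"] != 0 or s["authenticationProtocol"] == "deviceCode":
            continue
        entry = baseline[s["userPrincipalName"]]
        entry["countries"].add(s["location"]["countryOrRegion"])
        device_id = s["deviceDetail"].get("deviceId") or ""
        if device_id:
            entry["devices"].add(device_id)
    return baseline


def flag_device_code_signins(signins):
    """Return the successful device code sign-ins that deserve triage,
    each with the reasons it was flagged."""
    baseline = build_baseline(signins)
    findings = []
    for s in signins:
        if s["authenticationProtocol"] != "deviceCode" or s["status"]["errorCode"] != 0:
            continue
        user = s["userPrincipalName"]
        reasons = []
        if user not in baseline:
            reasons.append("no interactive sign-in history for user")
        else:
            country = s["location"]["countryOrRegion"]
            device_id = s["deviceDetail"].get("deviceId") or ""
            if country not in baseline[user]["countries"]:
                reasons.append(f"unfamiliar country {country}")
            if not device_id:
                reasons.append("unregistered device")
            elif device_id not in baseline[user]["devices"]:
                reasons.append(f"unfamiliar device {device_id}")
        if reasons:
            findings.append({"id": s["id"], "user": user,
                             "time": s["createdDateTime"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_device_code_signins(parse_signins(SAMPLE_SIGNINS)):
        print(f["time"], f["user"], f["id"], "; ".join(f["reasons"]))
```

Alice's device code sign-in from her usual country and registered laptop (`s2`) is not flagged; the one from a new country on an unregistered device (`s3`) is, as is Carol's, who has no interactive history at all. Bob's failed attempt is skipped since no token was issued. In production the records would come from the Graph `auditLogs/signIns` endpoint or a Log Analytics export rather than an inline string.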
For the macOS ClickFix/AMOS campaign, defenders should block execution of unsigned scripts from terminal prompts via MDM policy, monitor for outbound WebSocket connections from developer endpoints, and deploy endpoint detection tuned to ~/.mainhelper persistence mechanisms and AMOS behavioral patterns, including Keychain access and bulk credential file reads.
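A hunt for the `~/.mainhelper` persistence mentioned above, as an added example that is not code from the article or from any vendor: it assumes the persistence is wired up through a user LaunchAgent (the article names only the directory, so the LaunchAgent mechanism and the `run.sh` file name in the sample are assumptions), parses every plist in a LaunchAgents directory with the standard library, and reports any whose program arguments reference the marker directory, plus the bare presence of the directory itself. The sample plists are constructed and written to a temporary directory so the check runs anywhere.

```python
"""Hunt user LaunchAgents that launch something under ~/.mainhelper.
Added example with constructed sample plists; not the article's code."""
import os
import plistlib
import tempfile

MARKER = ".mainhelper"   # directory named in the article's detection advice


def plist_program_args(path):
    """Program plus ProgramArguments of a launchd plist, as one list."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    args = list(data.get("ProgramArguments", []))
    if "Program" in data:
        args.insert(0, data["Program"])
    return args


def find_suspicious_agents(agents_dir, marker=MARKER):
    """Return findings for plists that reference the marker or cannot be
    parsed (an unparseable plist in LaunchAgents is itself worth a look)."""
    findings = []
    if not os.path.isdir(agents_dir):
        return findings
    for name in sorted(os.listdir(agents_dir)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(agents_dir, name)
        try:
            args = plist_program_args(path)
        except (plistlib.InvalidFileException, ValueError, OSError):
            findings.append({"plist": path, "reason": "unparseable plist"})
            continue
        if any(marker in str(a) for a in args):
            findings.append({"plist": path, "reason": f"references {marker}", "args": args})
    return findings


def marker_dir_present(home=None):
    """True if the marker directory exists under the given home directory."""
    home = home or os.path.expanduser("~")
    return os.path.isdir(os.path.join(home, MARKER))


def make_sample_agents_dir():
    """Write two constructed plists (one benign, one pointing at the
    marker directory under an Apple-looking label) to a temp directory."""
    agents_dir = tempfile.mkdtemp(prefix="launchagents-sample-")
    samples = {
        "com.example.sync.plist": {
            "Label": "com.example.sync",
            "ProgramArguments": ["/Applications/Sync.app/Contents/MacOS/sync", "--daemon"],
            "RunAtLoad": True},
        "com.apple.helper.plist": {          # constructed, mimics an Apple label
            "Label": "com.apple.helper",
            "ProgramArguments": ["/bin/sh", "-c", "~/.mainhelper/run.sh"],
            "RunAtLoad": True, "KeepAlive": True},
    }
    for name, content in samples.items():
        with open(os.path.join(agents_dir, name), "wb") as fh:
            plistlib.dump(content, fh)
    return agents_dir


if __name__ == "__main__":
    # Real use: find_suspicious_agents(os.path.expanduser("~/Library/LaunchAgents"))
    for f in find_suspicious_agents(make_sample_agents_dir()):
        print(f["plist"], "->", f["reason"], f.get("args", ""))
    print("marker directory present:", marker_dir_present())
```

On a real endpoint, point `find_suspicious_agents` at `~/Library/LaunchAgents` for each user (and at `/Library/LaunchAgents` and `/Library/LaunchDaemons` for system-wide entries); the marker match is deliberately a substring test so a renamed script under the same directory still triggers.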
Both campaigns highlight a broader March 2026 trend: attackers are deliberately weaponizing trusted infrastructure and normal-looking workflows (legitimate Microsoft pages, Google Ads, and authentic AI tool documentation) to push detection signals below the threshold where security teams can act quickly enough to prevent escalation.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.