Latest threat report

Atomic macOS Stealer now includes a backdoor for persistent access
Atomic macOS Stealer (AMOS), a popular piece of stealer malware for macOS, has just received a major update. For the first time, it’s being deployed with an embedded backdoor. This change allows attackers...
Jul 4, 2025
12 min read
About Moonlock Lab
Moonlock Lab is a team of security engineers that includes a former cybercrime investigator, a white-hat hacker, and a key figure of an Andy Greenberg book. They detect and study cyber threats daily, beefing up the defenses of Moonlock Engine.
Lab’s researchers have discovered new malware samples and AMOS variants, tracked down stealer developers, and exposed sophisticated malvertising campaigns. Their findings amass thousands of views, get featured in Forbes and Bleeping Computer. And when not chasing cyber threats, our experts hit the stage at RSA Webcast, Virus Bulletin, or Objective for the We.
More About Moonlock
Previous publications

“Anti-Ledger” malware: The battle for Ledger Live seed phrases
Hackers are increasingly exploiting the trust that crypto owners place in cold wallets, turning the very tools meant to secure assets into attack surfaces. The recent ByBit heist has shaken the crypto industry...
May 22, 2025
10 min read

Realtek or real threat? The macOS malware that won’t quit
Suspected North Korean threat actors are targeting macOS users with a recycled — but still dangerous — malware campaign. First spotted in April 2025, this campaign is a subtle evolution of the “Contagious...
May 5, 2025
9 min read

Moonlock’s 2024 macOS threat report
For decades, Apple devices have enjoyed a reputation for being mostly malware-free. However, with a 60 percent increase in market share in the last 3 years alone, macOS has become a prime target...
Dec 3, 2024
14 min read