{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/atomic-macos-stealer-amos/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Atomic macOS Stealer (AMOS)"],"_cs_severities":["high"],"_cs_tags":["malware","social-engineering","ai-platforms"],"_cs_type":"advisory","_cs_vendors":["Hugging Face","Acronis"],"content_html":"\u003cp\u003eThreat actors are leveraging AI distribution platforms like Hugging Face and ClawHub to distribute malware. This involves social engineering tactics to deceive users into downloading files that contain malicious code. Instead of directly compromising AI agents, the attackers abuse user trust by injecting indirect prompts into resources that the AI accesses. Acronis reported that on ClawHub, nearly 600 malicious skills across 13 developer accounts were identified distributing trojans, cryptominers, and information stealers targeting both Windows and macOS. On Hugging Face, attackers created repositories hosting malicious files designed to stage multi-step infection chains leading to infostealers, trojans, malware loaders, and other types of malware targeting Windows, Linux, and Android. 
This tactic allows attackers to bypass traditional security measures and leverage the platforms\u0026rsquo; reputation for trusted AI tooling.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates a malicious repository or skill on Hugging Face or ClawHub.\u003c/li\u003e\n\u003cli\u003eThe repository or skill contains files that appear legitimate but include malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker uses social engineering to entice users to download the files.\u003c/li\u003e\n\u003cli\u003eUpon execution, the malicious code fetches additional payloads from external sources.\u003c/li\u003e\n\u003cli\u003eFor macOS, the payload can be Atomic macOS Stealer (AMOS).\u003c/li\u003e\n\u003cli\u003eThe downloaded payload executes commands to install hidden dependencies.\u003c/li\u003e\n\u003cli\u003eThe malware establishes persistence on the victim\u0026rsquo;s system.\u003c/li\u003e\n\u003cli\u003eThe malware performs its intended malicious actions, such as stealing information or mining cryptocurrency.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful attacks can lead to the installation of various types of malware, including infostealers, trojans, cryptominers, and malware loaders. The targeted platforms include Windows, macOS, Linux, and Android, potentially impacting a wide range of users and systems. The abuse of trust in AI distribution platforms poses a significant risk, as users may be less likely to scrutinize files from these sources. 
Acronis identified close to 600 malicious skills on ClawHub alone, indicating the scale of this threat.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creation events for execution of downloaded files from Hugging Face or ClawHub with unusual parent processes using the \u0026ldquo;Detect Suspicious Process Execution from AI Platforms\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect connections to known malicious domains or IPs associated with malware distribution campaigns that originate from processes associated with AI platform tooling.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of downloading files from untrusted sources, even on trusted platforms like Hugging Face and ClawHub.\u003c/li\u003e\n\u003cli\u003eRegularly scan systems for known malware signatures and indicators of compromise associated with infostealers and trojans.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T08:41:57Z","date_published":"2026-05-01T08:41:57Z","id":"/briefs/2026-05-huggingface-clawhub-malware/","summary":"Threat actors are using social engineering to distribute malware via AI distribution platforms such as Hugging Face and ClawHub by tricking users into downloading malicious files, which leads to malware infections on Windows, macOS, Linux, and Android systems.","title":"Malware Distribution via Hugging Face and ClawHub","url":"https://feed.craftedsignal.io/briefs/2026-05-huggingface-clawhub-malware/"}],"language":"en","title":"CraftedSignal Threat Feed — Atomic MacOS Stealer (AMOS)","version":"https://jsonfeed.org/version/1.1"}