Atomic Stealer Malware AMOS Spread to Mac Users Via Fake Browser Update Chain Tracked As ClearFake: Report

The ClearFake campaign began in July of this year, with the goal of targeting Windows users with bogus Chrome update prompts that appear on compromised sites via JavaScript injections.

Cyberattack Representational Image (Photo Credits : Pixabay)

San Francisco, November 27: Threat actors are delivering Atomic Stealer malware, also known as AMOS, to Mac users via a fake browser update chain tracked as "ClearFake", a new report has found. According to the cybersecurity company Malwarebytes, ClearFake is a newer malware campaign that leverages compromised websites to distribute fake browser updates.

"With a growing list of compromised sites at their disposal, the threat actors are able to reach out to a wider audience, stealing credentials and files of interest that can be monetised immediately or repurposed for additional attacks," the researchers said. On November 17, security researcher Ankit Anubhav observed that ClearFake was dispersed to Mac users as well with a corresponding payload. Israel-Palestine Conflict: Elon Musk To Meet Israel President Isaac Herzog and Representatives of Families of Hostages Held By Hamas in Gaza To Defuse Growing Outrage.

The ClearFake campaign began in July of this year, with the goal of targeting Windows users with bogus Chrome update prompts that appear on compromised sites via JavaScript injections. According to the report, these attacks utilise a Safari update bait along with the standard Chrome overlay.

"The payload is made for Mac users, a DMG file purporting to be a Safari or Chrome update. Victims are instructed on how to open the file which immediately runs commands after prompting for the administrative password," according to the researchers. In a file accessed by the researchers, they looked at the strings from the malicious application and saw those commands, which include password and file-grabbing capabilities. Google’s Appeal Against Competition Commission of India’s Rs 936 Crore Penalty Delayed by NCLAT, Says Report.

In the same file, they found the malware’s command and control server where the stolen data was sent to. "Because ClearFake has become one of the main social engineering campaigns recently, Mac users should pay particular attention to it. We recommend leveraging web protection tools to block the malicious infrastructure associated with this threat actor," the researchers suggested.

(The above story first appeared on LatestLY on Nov 27, 2023 12:11 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Share Now