BEWARE: Atomic macOS Stealer Malware Appears as Fake Safari, Chrome Updates

The #ClearFake campaign is out to get Macs infected.

Do not believe everything you see online and always stay vigilant: notorious Mac malware has returned, now pushing fake Safari and Google Chrome browser updates that install the infection. The Atomic macOS Stealer (AMOS) was recently discovered using a new way to install itself: tricking users into updating their computers.

Atomic macOS Stealer Malware: Fake Safari, Chrome Updates

A new report by Malwarebytes describes the return of one of the most dangerous pieces of Mac malware, with AMOS now masquerading as fake Safari and Google Chrome updates. The latest campaign is known as "#ClearFake," and in its recent outing it centers on AMOS targeting Mac computers.

[Image: Fake Safari update page. Credit: Malwarebytes]

Malwarebytes shared screenshots of the web pages that offer the update, and they are hauntingly good copies of the legitimate update pages from both platforms. However, the fake Safari update page shows the old logo of the Apple browser, which may tip users off that something is wrong.

Google's Chrome update page, on the other hand, is more convincing, but it centers on an urgent message that uses an exclamation point (!), which signals that it is fake.

[Image: Fake Chrome update page. Credit: Malwarebytes]

Beware of the New ClearFake Campaign that Infects Mac

Security researcher Ankit Anubhav discovered it most recently, stating that it is part of the ClearFake campaign, which originally started as a threat to the Binance blockchain. However, Anubhav noted that it is not exclusive to Windows, as AMOS is packaged on these fake websites and arrives as OSX DMG files that install on Macs.

It is important to update your browser via official websites and through your Mac's System Settings to avoid the malware.

AMOS and its Threats to Apple's Computers

For a long time now, the Mac has seen massive attacks from renowned threat actors and groups looking to steal data, information, and people's identities for their own gain. Researchers previously flagged the infamous Atomic macOS Stealer, which ran a rampant campaign earlier this year and made its name through its ability to steal iCloud Keychain passwords, payment information, and more.

Reports also recently flagged how it embedded itself in Google's search ads by taking advantage of compromised accounts to avoid the internet company's security checks. From there, users are led to phishing sites that steal their login credentials and, in some cases, also deliver AMOS for unsuspecting Mac users to install.

The threat of AMOS is real, and the massive "ClearFake" campaign is looking to expand its reach to infect Macs, now through another ingenious way of reeling people in. Do not trust unverified and dubious URLs that claim to offer Safari and Chrome updates; despite the almost-legitimate-looking sites, it is possible to avoid the grave consequences they bring.

Isaiah Richard
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.