macOS targeted by ClearFake malware campaign

A data-stealing program that targets Mac operating systems (OS) is being distributed to unsuspecting targets by means of fake web browser updates, Malwarebytes has warned.

The Atomic Stealer (AMOS) malware was recently spotted using the “ClearFake” browser update chain, in what Malwarebytes says is a departure from its usual techniques, tactics, and procedures. Mimicked browsers include Safari and Google Chrome.

“AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake,’” said the cybersecurity company. “This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.”

Fake Safari browser update used to lure victims in the ClearFake campaign

This isn’t the first time AMOS has shown up on Malwarebytes’ radar. In September, it detected the infostealer program being transmitted to the unwary through bogus ads that tricked victims into downloading it.

And as the malware spreads, it could mean the criminals behind it benefit from a snowball effect that sees yet more cybercriminality on the web.

“With a growing list of compromised sites at their disposal, the threat actors are able to reach out [to] a wider audience, stealing credentials and files of interest that can be monetized immediately or repurposed for additional attacks,” said Malwarebytes.

The ClearFake malware campaign was first detected and named by cybersecurity researcher Randy McEoin in August and is thought to have gone through multiple upgrades since, leading Malwarebytes to conclude that it is “one of the most prevalent and dangerous social engineering schemes.”

The Malwarebytes report highlights once again that macOS increasingly looks to be just as vulnerable to cyberattacks as Windows.

“Fake browser updates have been a common theme for Windows users for years, and yet up until now, the threat actors didn’t expand onto macOS in a consistent way,” said Malwarebytes. “The popularity of stealers such as AMOS makes it quite easy to adapt the payload to different victims, with minor adjustments.”
