Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google’s Chrome and Apple’s Safari.
Anti-malware software provider Malwarebytes has described a new variant of Atomic Stealer (also known as AMOS), which is malware targeting Apple users. The new malware variant, distributed through the fake browser update delivery mechanism ClearFake, advertises itself as updates for Apple’s Safari browser and Google’s Chrome browser. The malware is capable of grabbing a user’s data and sending it to an attacker’s command and control server.
Jérôme Segura, senior director of threat intelligence at Malwarebytes, noted in his post about the attack that ClearFake is actively being updated and that its use of smart contacts in particular makes it “one of the most prevalent and dangerous social engineering schemes.”
“Fake browser updates have been a common theme for Windows users for years, and yet up until now the threat actors didn’t expand onto MacOS in a consistent way,” Segura pointed out.
Jump to:
Atomic Stealer was first advertised as a malware delivery option for threat actors in April 2023. Malwarebytes found in September 2023 that Atomic Stealer was targeting Mac users through fake software updates advertised on Google searches. Atomic Stealer was particularly suited to grabbing passwords and Apple keychain codes used for bitcoin wallets. Atomic Stealer can also lift credit card information.
While Atomic Stealer had been targeting Mac users for some time, ClearFake was historically used only against Windows machines. This is remarkable because ClearFake is one of the first Windows social campaigns made for Windows that then expanded to not only a different geolocation but a different operating system. Security researcher Randy McEoin discovered ClearFake in August 2023.
Security researcher Ankit Anubhav pointed out on Nov. 17 that, while ClearFake had been seen targeting Windows, the Mac version is a new development.
ClearFake is a sequence of malicious websites that purport to offer updates for Safari (Figure A) and Chrome (Figure B). Potential victims will see sites posing as legitimate browser updates.
Figure A
Figure B
Then, the ClearFake scam will deliver Atomic Stealer. Victims who click through to the false updates will download a .dmg file that can steal passwords and extract files.
SEE: Some threat actors have used Apple devices for surveillance over the last year, and it’s a trend that may continue, according to Kaspersky. (TechRepublic)
Malwarebytes found that the following malicious domains are associated with this threat:
The AMOS stealer can be identified using the following indicators:
Security admins or IT pros should keep the following in mind to protect employees from ClearFake and Atomic Stealer:
24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com
Why You Need To Improve Drainage on Your Property
Essential Tips To Shield Your Car Windows From Damage
Warehouse Optimization Tips To Improve Performance
How High-Humidity Climates Affect Pressure Gauges
How Is Global Health Improving Year After Year
Ways That You Can Make Your Land More Useful
Essential Materials Used in the Construction Industry
A Look Into 3 Aspects of Maintaining Wind Turbines
Key Factors To Know Before Using IoT Solutions
Avoiding Hazards: How Vehicle Manufacturers Keep People Safe