After exposing Windows to threat, Cyber hackers are now delivering AMOS to Mac users via a fake browser update chain tracked as ‘ClearFake’.
Discovered in early 2023, this a new cyber threat Atomic macOS Stealer (AMOS) is a sophisticated malware, primarily targeting Apple users. Once installed on a victim’s device, AMOS malware has the capability to extract sensitive information, including iCloud Keychain passwords, credit card details, crypto wallets, and various files.
According to Malwarebytes, a cyber threat alarm system company, cyber attackers are using the ClearFake approach to deliver AMOS to Mac users. ClearFake, initially observed in Windows attacks, involves distributing fake Safari and Chrome browser updates through compromised websites.
By exploiting this growing network of compromised websites, threat actors are expanding their reach, capturing login credentials and sensitive files of the users who download the malware for immediate financial gain or future attacks.
Researchers say ClearFake is a type of deepfake that is created by using machine learning to manipulate or generate images or videos in a way that makes it appear as if they are real. This can be done by using techniques such as image splicing, facial recognition, and voice synthesis. ClearFake can be used for a variety of purposes, including spreading misinformation, creating fake news stories, and impersonating people.
In this case, ClearFake is being used to deploy AMOS. The attackers are creating fake websites to inject malicious JavaScript code. Once a user visits such a website, deceptive prompts mimicking legitimate browser updates for Safari or Chrome appear. These prompts are carefully crafted to induce users into clicking, triggering the download and installation of AMOS malware.
Upon clicking the link to the fake update, unsuspecting victims are redirected to a website that surreptitiously downloads and installs AMOS malware onto their unsuspecting computers.
The adaptability of ClearFake is indeed concerning as it extends its reach beyond traditional Windows environments to target macOS users. This shift highlights the evolving nature of cyber attack strategies, emphasising the need for heightened vigilance and proactive measures.
In order to protect against ClearFake and other evolving threats, it is important to take proactive measures. This includes avoiding downloading software from untrusted or unknown sources. It is crucial to update Safari directly from your Mac’s System Settings or Chrome directly from Google/the Chrome app.
Also it is important to exercise caution when prompted to bypass macOS GateKeeper protections. If an application requests you to bypass these protections, it should raise a red flag, and users should proceed with caution.
Additionally, check the legitimacy of the source before downloading an app outside the Mac App Store. Verify the creation date of the website to ensure it is legitimate.
Keeping operating systems and software up to date is another way to safety. This is essential to ensure that security vulnerabilities are patched and that the latest security features are in place.
Also Read: Hardik Pandya Migrates From GT To Rejoin MI For IPL 2024
