The notorious Atomic malware, a known macOS infostealer, is again targeting Mac devices. In the recent “ClearFake” campaigns, the malware reaches victim systems through fake browser update prompts.
Atomic Mac Stealer Runs New Malicious Campaigns
Researchers from Malwarebytes have shed light on a new malware campaign targeting Mac devices. Known as “ClearFake,” the campaign relies on social engineering to trick users into downloading the malware themselves. The threat actors behind it have clearly invested in the design of the attack, as evidenced by the campaign's continued success over the past few months.
ClearFake first came to the attention of researcher Randy McEoin in August this year, when the campaign was compromising various websites to lure visitors into downloading fake browser updates.
Since then, the campaign has gone through numerous upgrades adding new functionality. It even abused Binance Smart Chain contracts to stage and covertly distribute the payload to Windows systems. Guardio Labs dubbed this technique “EtherHiding” in their post detailing the attack.
Now, as researcher Ankit Anubhav highlighted, the campaign has turned to Mac devices to deliver the Atomic stealer malware.
Atomic macOS Stealer, aka AMOS, is a potent malware with data-stealing capabilities. It can harvest various types of information from infected systems, from stored passwords to crypto wallets. When it was first discovered, the malware was being sold and distributed to Mac targets via Telegram channels. Now the ClearFake campaign preys on Mac users with fake Safari browser update prompts. Once it lands on a target device, the malware exfiltrates sensitive data, including crypto wallets, passwords, documents, and keys.
Malwarebytes has shared a detailed technical analysis of this campaign in their post. They also urge Mac users to harden their devices with appropriate anti-malware and web protection tools, and to follow cybersecurity best practices (in particular, treating any browser update prompt served by a website rather than the browser itself as suspect) to avoid falling victim to deceptive social engineering attacks such as ClearFake.