After Deepfake, researchers alert Windows and Mac users on ClearFake

Early in 2023, researchers discovered a new cyber threat, Atomic macOS Stealer (AMOS), a sophisticated piece of malware that primarily targets Apple users. Once installed on a victim’s device, AMOS can extract sensitive information, including iCloud Keychain passwords, credit card details, crypto wallets, and various files. While the malware was already a threat, a new report reveals that attackers are now delivering AMOS to Mac users via a fake browser update chain tracked as ‘ClearFake’.
According to Malwarebytes, a cyber threat alarm system company, cyber attackers are using the ClearFake approach to deliver AMOS to Mac users. ClearFake, initially observed in Windows attacks, involves distributing fake Safari and Chrome browser updates through compromised websites. By exploiting this growing network of compromised websites, threat actors are expanding their reach, capturing the login credentials and sensitive files of users who download the malware, for immediate financial gain or for use in future attacks.
But what exactly is ClearFake, and how is it being used as a way to deploy AMOS? Well, the researchers further explain that ClearFake is a type of deepfake that is created by using machine learning to manipulate or generate images or videos in a way that makes it appear as if they are real. This can be done by using techniques such as image splicing, facial recognition, and voice synthesis. ClearFakes can be used for a variety of purposes, including spreading misinformation, creating fake news stories, and impersonating people.
In this case, ClearFake is being used to deploy AMOS, a type of malware that steals information from its victims. The attackers are creating fake websites to inject malicious JavaScript code. Once a user visits such a website, deceptive prompts mimicking legitimate browser updates for Safari or Chrome appear. These prompts are carefully crafted to induce users into clicking, triggering the download and installation of AMOS malware.
Upon clicking the link to the fake update, unsuspecting victims are redirected to a website that surreptitiously downloads and installs AMOS malware onto their computers. Once installed, AMOS stealthily infiltrates the victim’s system, gaining unauthorized access to sensitive information. Its primary objective is to pilfer sensitive data, including iCloud Keychain passwords, credit card details, and cryptocurrency wallets.
The adaptability of ClearFake is indeed concerning as it extends its reach beyond traditional Windows environments to target macOS users. This shift highlights the evolving nature of cyber attack strategies, emphasizing the need for heightened vigilance and proactive measures.
How to stay safe
In order to protect against ClearFake and other evolving threats, it is important to take proactive measures. This includes:
– Avoid downloading software from untrusted or unknown sources: It is crucial to update Safari directly from your Mac’s System Settings or Chrome directly from Google/the Chrome app.
Source: India Today
