After Deepfake, Researchers Warn Windows and Mac Users on ClearFake and Browse Update Risk

In early 2023, researchers found Atomic macOS Stealer (AMOS), a sophisticated malware targeting Apple users. Once installed on the victim’s device, AMOS can extract sensitive data, such as iCloud Keychain passwords, crypto wallets, and credit card details. A recent report indicates cyber hackers are distributing AMOS to Mac users through a fake browser update chain known as “ClearFake.”

Malwarebytes reports that cyber attackers use the ClearFake method to deliver AMOS on Macs. Initially seen in Windows attacks, ClearFake uses fake Safari and Chrome updates on compromised websites. This exploits a broader network, enabling threat actors to capture user credentials and sensitive files for immediate profit or future attacks.

ClearFake – An Insight into its Role in AMOS Deployment

The researchers elaborate that ClearFake is a form of deepfake generated through machine learning, manipulating images or videos to make them appear as if they are real. Techniques like image splicing, facial recognition, and voice synthesis are used. ClearFakes are used for several objectives, like spreading misinformation and crafting fake news stories to impersonate individuals.

Unveiling the Tactics: ClearFake’s Malicious Pathways for Installing Malware

In this instance, ClearFake is used for deploying AMOS, a malware variant designed to extract information from its targets illicitly. The attackers establish fake websites to inject malicious JavaScript code. When users visit these sites, they encounter deceptive prompts mimicking legitimate browser updates for Safari or Chrome. Crafted to deceive, these prompts entice users to click, initiating the download and installation of the AMOS malware.

Upon clicking the fake update link, unsuspecting users are redirected to a site that discreetly downloads and installs AMOS onto their computers. Once infiltrated, AMOS operates covertly, gaining unauthorized access to sensitive data, including iCloud Keychain passwords, credit card details, and cryptocurrency wallets.

ClearFake’s adaptability raises concerns, expanding its impact from traditional Windows environments to target macOS users. This shift underscores the dynamic nature of cyberattack strategies, emphasizing the importance of heightened vigilance and proactive security measures.

Precautions to Stay Safe

To protect against ClearFake and emerging threats, it is imperative to adopt proactive security measures. This involves:

• To protect against ClearFake and emerging threats, it is imperative to adopt proactive security measures. This involves: Prevent downloading software from untrusted or unfamiliar sources: It is vital to update Safari directly from your Mac’s System Settings or Chrome directly from Google or the Chrome app.
• Exercising caution when prompted to bypass macOS GateKeeper protections: If an application requests you to avoid these protections, it should raise a warning, encouraging users to proceed with care.
• Verifying the source’s legitimacy before downloading an app outside the Mac App Store: Ensure the website’s creation date is valid to establish its legitimacy.
• Maintaining up-to-date operating systems and software: This is crucial to patch security vulnerabilities and implement the latest security features.

WRITTEN BY

Team Eela

TechEela, the Bedrock of MarTech and Innovation, is a Digital Media Publication Website. We see a lot around us that needs to be told, shared, and experienced, and that is exactly what we offer to you as shots. As we like to say, “Here’s to everything you ever thought you knew. To everything, you never thought you knew”