In early 2023, researchers found Atomic macOS Stealer (AMOS), a sophisticated malware targeting Apple users. Once installed on the victim’s device, AMOS can extract sensitive data, such as iCloud Keychain passwords, crypto wallets, and credit card details. A recent report indicates that attackers are distributing AMOS to Mac users through a fake browser update chain known as “ClearFake.”
Malwarebytes reports that cyber attackers use the ClearFake method to deliver AMOS on Macs. Initially seen in Windows attacks, ClearFake uses fake Safari and Chrome updates on compromised websites. This exploits a broader network, enabling threat actors to capture user credentials and sensitive files for immediate profit or future attacks.
The researchers elaborate that ClearFake is a form of deepfake generated through machine learning, manipulating images or videos to make them appear as if they are real. Techniques like image splicing, facial recognition, and voice synthesis are used. ClearFakes are used for several objectives, like spreading misinformation and crafting fake news stories to impersonate individuals.
Upon clicking the fake update link, unsuspecting users are redirected to a site that discreetly downloads and installs AMOS onto their computers. Once installed, AMOS operates covertly, gaining unauthorized access to sensitive data, including iCloud Keychain passwords, credit card details, and cryptocurrency wallets.
ClearFake’s adaptability raises concerns, as its impact has expanded from traditional Windows environments to macOS users. This shift underscores the dynamic nature of cyberattack strategies and the importance of heightened vigilance and proactive security measures.
To protect against ClearFake and emerging threats, it is imperative to adopt proactive security measures. This involves: