
Macs targeted by Atomic Stealer through fraudulent browser updates

Threat actors have been targeting macOS devices with the Atomic Stealer information-stealing malware, also known as AMOS, through fraudulent web browser updates as part of the new "ClearFake" campaign, The Hacker News reports. Hacked WordPress sites modified to present fake browser updates have been leveraged to deliver a DMG file containing Atomic Stealer, a technique that has also been used by other threat operations, including TA569, also known as SocGholish; ZPHP, also known as SmartApeSG; RogueRaticate, also known as FakeSG; and EtherHiding, to spread information-stealing malware, a report from Malwarebytes showed. "The popularity of stealers such as AMOS makes it quite easy to adapt the payload to different victims, with minor adjustments," said Malwarebytes researcher Jerome Segura. This development comes after an updated LummaC2 infostealer was reported by Outpost24 to have used trigonometry to begin activity upon detecting human behavior, as well as to facilitate Google cookie extraction.
