A powerful new malware launched in early 2023 called
Atomic macOS Stealer (AMOS) that targets Apple users and has become a growing threat. Now with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.
As a refresher, AMOS is a powerful
piece of malware that once installed on a victim’s machine can steal iCloud Keychain passwords, credit card numbers, crypto wallets, files, and more.
After the discovery of the early AMOS threats in March and April, the security researchers at
Malwarebytes discovered in September that Mac users were installing AMOS through fake Google Search ads.
Now in the latest chapter of the pernicious software,
Malwarebytes reports that fake Safari and Chrome browser updates are now being used to sneak AMOS on to victims’ Macs (via
Ankit Anubhav).
The new approach with AMOS is called “ClearFake” which was a notable attack previously seen against Windows machines.
In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.
9to5mac.com
