Malware News PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS


A powerful new piece of malware called Atomic macOS Stealer (AMOS), launched in early 2023, targets Apple users and has become a growing threat. Now, with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.

As a refresher, AMOS is a powerful piece of malware that, once installed on a victim’s machine, can steal iCloud Keychain passwords, credit card numbers, crypto wallets, files, and more.

After the discovery of the early AMOS threats in March and April, the security researchers at Malwarebytes discovered in September that Mac users were installing AMOS through fake Google Search ads.

Now, in the latest chapter of the pernicious software, Malwarebytes reports that fake Safari and Chrome browser updates are being used to sneak AMOS onto victims’ Macs (via Ankit Anubhav).

The new approach with AMOS is called “ClearFake”, which was a notable attack previously seen against Windows machines.

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.
