The 'ClearFake' fake browser update campaign has spread to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
In October 2023, Guardio Labs discovered a significant development for the malicious operation, which leveraged Binance Smart Chain contracts to hide its malicious scripts supporting the infection chain in the blockchain.
Via this technique, dubbed "EtherHiding," the operators distributed Windows-targeting payloads, including information-stealing malware like RedLine, Amadey, and Lumma.
Expanding to macOS
On November 17, 2023, threat analyst Ankit Anubhav reported that ClearFake had started pushing DMG payloads to macOS users visiting compromised websites.
A Malwarebytes report from earlier this week confirms this development, noting that these attacks employ a Safari update bait along with the standard Chrome overlay.
The payload dropped in these cases is Atomic, an info-stealing malware sold to cybercriminals via Telegram channels for $1,000/month.
Atomic was discovered in April 2023 by Trellix and Cyble, who reported that it attempts to steal passwords, cookies, and credit cards stored in browsers, local files, data from over 50 cryptocurrency extensions, and keychain passwords.
Keychain is macOS's built-in password manager that holds WiFi passwords, website logins, credit card data, and other encrypted information, so its compromise can result in a significant breach for the victim.
Malwarebytes' analysis of the payload's strings reveals a series of commands for extracting sensitive data like passwords and targeting document files, images, crypto wallet files, and keys.
The ClearFake campaign now targeting Macs is a reminder for Apple users to strengthen their security and be careful with downloads, especially prompts to update your browser when visiting websites.
Even several months after the discovery of Atomic and the reports on it, the payload is undetected by roughly 50% of AV engines on VirusTotal.
Furthermore, all Safari browser updates will be distributed through macOS's Software Update, or for other browsers, within the browser itself.
Therefore, if you see any prompts to download browser updates on websites, they should be ignored.
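The rule above (a browser update never arrives as a download from a website) can be turned into a web-proxy log check. The following is an added example, not part of the original article: the log layout, the vendor allowlist, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts your organisation accepts as real browser download sources.
VENDOR_SUFFIXES = ("apple.com", "google.com", "mozilla.org", "microsoft.com")
# Browser names a fake "update" would impersonate (Safari and Chrome are the
# lures named in the article; the others are added for coverage).
LURE = re.compile(r"safari|chrome|firefox|edge", re.I)
# Assumed proxy log layout: timestamp client method url status "user-agent"
LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

def is_vendor(host):
    """Exact or subdomain match, so google.com.example.test is not a vendor."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)

def suspicious_dmg_downloads(lines):
    """Return (timestamp, client, url) for each macOS client that fetched a
    browser-named .dmg from a host outside the vendor allowlist."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        ts, client, method, url, status, ua = m.groups()
        if method != "GET" or status != "200" or "Macintosh" not in ua:
            continue
        parts = urlsplit(url)
        name = unquote(parts.path.rsplit("/", 1)[-1])
        if not name.lower().endswith(".dmg") or not LURE.search(name):
            continue
        if not is_vendor(parts.hostname or ""):
            hits.append((ts, client, url))
    return hits

MAC_UA = '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"'
WIN_UA = '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/119.0"'
# Constructed sample lines for illustration, not real traffic.
SAMPLE_LOG = [
    f"2023-11-21T10:02:11Z 10.0.0.15 GET https://blog.example.test/dl/Safari%20Update.dmg 200 {MAC_UA}",
    f"2023-11-21T10:05:40Z 10.0.0.16 GET https://dl.google.com/chrome/googlechrome.dmg 200 {MAC_UA}",
    f"2023-11-21T10:07:02Z 10.0.0.17 GET https://blog.example.test/dl/ChromeUpdate.dmg 200 {WIN_UA}",
    f"2023-11-21T10:09:30Z 10.0.0.18 GET https://tools.example.test/dl/notes-app.dmg 200 {MAC_UA}",
    f"2023-11-21T10:12:55Z 10.0.0.19 GET https://google.com.example.test/ChromeSetup.dmg 200 {MAC_UA}",
]

if __name__ == "__main__":
    for hit in suspicious_dmg_downloads(SAMPLE_LOG):
        print("review:", *hit)
```

A hit is a lead for review, not a verdict: filename matching misses renamed payloads, and the allowlist must reflect the download sources your environment actually uses.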