Fake Google Chrome and Safari updates for macOS are used to infect Mac computers with the nefarious Atomic Stealer malware, also known as AMOS. AMOS is distributed to Mac owners as part of a social engineering campaign and can steal passwords and private files stored on a Mac. Users will need to stay alert and may need to use web protection tools to protect themselves from malware spread through social engineering, as malware creators appear to be turning their attention to Mac owners.
Security firm Malwarebytes has shared details about the latest version of Atomic Stealer, malware distributed to macOS users through ClearFake, a campaign that uses hijacked WordPress websites to deliver fake browser updates for Chrome and Safari. The distribution of AMOS via ClearFake to macOS users was recently noticed by Ankit Anubhav, a security researcher.
The malware is distributed via hijacked sites that show either a page closely resembling the Google Chrome download page or a fake Safari update page that uses outdated icons from older macOS versions. Despite the dated icons on the Safari page, the rest of its design may convince some users to click and download the malware, and the fake Chrome download page looks more convincing still.
When the user clicks the download button, a malicious .dmg file disguised as a browser installer is downloaded to the Mac. Once it is opened, the user is prompted to enter the administrator password, which the malware then uses to run nefarious commands on the device, including stealing passwords from Apple’s Keychain and exfiltrating documents, pictures, wallets and other data from the user's desktop and documents folders on macOS.
To stay protected from the malware, users should make sure they use some form of web protection, such as the Safe Browsing setting in Google Chrome. Doing so may prevent some of these malicious sites from loading at all.
Meanwhile, users should avoid downloading installers for Chrome from unknown websites. These social engineering websites aim to fool users who may find it difficult to distinguish which websites are genuine. A good rule of thumb is to check if the address bar shows google.com. On the other hand, Apple does not distribute Safari updates outside of operating system updates, so there are no official downloads for users to install.