Lord777
The Atomic Stealer program remains a loyal assistant for many criminals.
Cybersecurity experts have discovered a new threat to macOS users. The Atomic Stealer malware, also known as AMOS, is now being distributed through fake web browser updates. This is happening as part of a campaign called ClearFake.
The study was conducted by analysts from Malwarebytes.
Atomic Stealer was first recorded in April 2023. This commercial malware is offered on a $1,000-a-month subscription and aims to steal cryptocurrency and sensitive data from web servers, for example logins from various platforms, passwords, cookies, and bank card information.
In September, the Malwarebytes team reported another operation using Atomic. At that time, scammers created fake ads on Google. The victims were users who searched the web for a financial platform for chart analysis – TradingView.
For ClearFake, the attackers slightly adjusted their approach. They now use compromised WordPress sites to post bogus notifications asking visitors to update Chrome or Firefox.
It is worth mentioning that Atomic was previously distributed mainly on Windows devices, but in this case Mac systems were also targeted.
Obviously, clicking the notification installs a malicious program on the victim's computer instead of an update. Atomic Stealer is delivered to the device in the form of a file with the DMG extension.
ClearFake joins a list of threats that already includes groups such as TA569, RogueRaticate, ZPHP, and EtherHiding, known for using fake browser updates for their own malicious purposes.
Recently, updates in the LummaC2 stealer malware were also investigated. Now it uses a unique method based on the principles of trigonometry to bypass antivirus programs. The software is activated only when it detects actions that are similar to the real user's activity. In addition, the developers of LummaC2 stealer have added a feature that allows you to collect cookies from Google accounts, which remain valid even if the victim changes the password.