According to Gadget360, fake updates for the Google Chrome and Safari browsers are being used to infect many macOS users with the Atomic Stealer malware (also known as AMOS).
The new wave of attacks was discovered by security firm Malwarebytes. According to researcher Ankit Anubhav, the malicious campaign is being spread by hackers using ClearFake, a method known for using hacked and defaced WordPress websites to lure victims into downloading fake browser updates.
To deceive unsuspecting users, the hacked websites were designed with an interface that closely resembled the download page for Google's Chrome browser, while the fake Safari page was disguised with an outdated icon of the browser.
Fake Chrome browser update website interface
When a user clicks the Download button, a malicious .dmg file disguised as a web browser installer is downloaded to the Mac. When the file is opened, the user is prompted to enter an administrator password, which allows malicious commands to run on the device, including stealing Keychain passwords, documents, photos, digital wallets, and more from the macOS user's computer.
As attacks grow more sophisticated, users should use some form of protection when surfing the web, such as Google Chrome's built-in Safe Browsing setting. Also avoid downloading installers from unknown websites and, as a rule of thumb, check the address bar to confirm that you are on the correct domain name, google.com.
Additionally, Apple doesn't distribute Safari updates through its website; new versions of the browser are always included in operating system updates. So ignore any Safari update requests that appear on the web.
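The address-bar check recommended above for Chrome downloads can be automated, for example in a proxy or download-vetting script. The following is an added example, not code from the article or from Malwarebytes; the function names and the sample URLs are constructed for illustration, and only google.com comes from the text.

```python
from urllib.parse import urlsplit

# Assumption: only google.com is named in the article; extend the set as needed.
OFFICIAL_DOMAINS = {"google.com"}


def is_official_download(url, allowed=OFFICIAL_DOMAINS):
    """True only for an HTTPS URL whose host is an allowed domain or its subdomain."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; userinfo and port already stripped
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Reject non-ASCII and punycode labels: they can render as look-alike names.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False
    # Match on a label boundary so "chrome-google.com" or
    # "google.com.updates.example" cannot pass as google.com.
    return any(host == d or host.endswith("." + d) for d in allowed)


# Constructed sample URLs for illustration (not indicators from the campaign).
SAMPLES = [
    "https://www.google.com/chrome/",                  # official host
    "https://dl.google.com/chrome/mac/installer.dmg",  # official subdomain
    "http://www.google.com/chrome/",                   # plain HTTP
    "https://google.com.updates.example/chrome.dmg",   # vendor name as a prefix
    "https://chrome-google.com/update.dmg",            # hyphenated look-alike
    "https://google.com@updates.example/chrome.dmg",   # vendor name in userinfo
    "https://g\u043e\u043egle.com/chrome/",            # Cyrillic letters in host
]


def check_samples():
    """Map each constructed sample URL to the verdict of the check."""
    return {url: is_official_download(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("OK   " if ok else "BLOCK", url.encode("ascii", "backslashreplace").decode())
```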