Dangerous new MacOS malware is targeting Apple users everywhere - here's what you need to know

CloudSek researchers find spoofed version of Spectrum website
The site tricks people into running AMOS through the ClickFix method
The researchers attributed the attack to a Russian-speaking group

Russian threat actors have been seen using the popular ClickFix method to steal passwords and drop infostealer malware on macOS targets.

Security researchers from CloudSek have reported multiple websites spoofing Spectrum, a US-based telecommunications provider. Victims visiting these websites would first be asked to verify that they’re human – however, the “verification” was designed to “fail”, after which the victims would be asked to use “Alternative Verification”.

NEVER MISS: Mistral Introduces New OCR API That Can Convert PDF Documents Into AI-Ready Format

It is unclear why the attackers added the extra step – we can assume it is to throw the victims off and have them lower their guard.

Revoking access tokens

In any case, the “alternative verification” method copies a command on their clipboard, after which the victims are instructed to paste and run them on their devices.

The command delivers AtomicOS (AMOS) – an infamous macOS infostealer that grabs passwords, cryptocurrency wallet data, and system information, from macOS users.

CloudSek did not attribute the campaign to any particular threat actor, but it has determined that they are of Russian origin.

NEVER MISS: Docking stations for the Mac Mini M4, now that's something Apple may wholeheartedly appreciate (or not)

“While inspecting the source code of the delivery page, we came across a couple of comments in Russian, indicating that the malware is likely being spread by Russian speaking cybercriminals,” the company said.

It doesn’t seem that the campaign targeted a specific group of people, or companies, but since it spoofs Spectrum, it’s safe to say the victims are the company’s current, or potential, customers.

NEVER MISS: I shot and edited this photo with my Samsung Galaxy Ultra and Adobe Lightroom Mobile – here's how you can get pro results with just your phone

The experts did note the campaign was set up rather clumsily: “Poorly implemented logic in the delivery sites, such as mismatched instructions across platforms, points to hastily assembled infrastructure. This campaign highlights an increasing trend in multi-platform social engineering attacks targeting both consumer and corporate users,” CloudSek concluded.

ClickFix has gotten quite popular in recent times, with different security outfits reporting discovering different variants of the technique in the wild.

Via The Hacker News

Source link

Dangerous new MacOS malware is targeting Apple users everywhere – here's what you need to know

Leave a Reply Cancel reply

Signup For Updates