
Red Flag Raised on ClearFake: Urgent Warning for Windows and Mac Users Against Fake Browser Updates

ClearFake's versatility is concerning: it has extended its reach beyond its original Windows targets to macOS users

Preeti Anand

Early in 2023, researchers identified Atomic macOS Stealer (AMOS), an information-stealing malware that targets Apple users. Once installed on a victim's device, AMOS can harvest iCloud Keychain passwords, credit card numbers, cryptocurrency wallets, and other files. The malware was already a known threat, but a fresh report shows that attackers are now spreading AMOS to Mac users through a fake browser update chain tracked as 'ClearFake'.


According to security vendor Malwarebytes, attackers are using the ClearFake technique to deliver AMOS to Mac users. ClearFake, first seen in attacks on Windows users, pushes fake Safari and Chrome update prompts through compromised websites. By growing this network of compromised sites, the threat actors are widening their reach, stealing login credentials and other sensitive data from users who run the malware, either to monetise it immediately or to enable later attacks.

But what exactly is ClearFake, and how is it used to deploy AMOS? 

Despite the name, ClearFake has nothing to do with deepfakes or synthetic media. It is a fake browser update campaign: malicious JavaScript injected into compromised websites shows visitors a convincing 'update your browser' prompt, and the 'update' they download is the malware. The only forgery involved is the page overlay itself and the installer it links to.


ClearFake's method of malware installation

In this case ClearFake is being used to distribute AMOS, an infostealer. The attackers compromise legitimate websites and inject malicious JavaScript into them. When a user visits such a site, the script displays a fraudulent prompt styled to look like an official Safari or Chrome update notice. These prompts are carefully designed to get the user to click, which starts the download of the AMOS installer.

After clicking the fake update link, unsuspecting users are routed to a download that delivers the AMOS installer to their systems; the user still has to open it, which is exactly what the prompt is designed to talk them into. Once installed, AMOS runs quietly, gaining unauthorised access to sensitive data. Its primary goal is to steal iCloud Keychain passwords, credit card information, and cryptocurrency wallets.


ClearFake's versatility is concerning: it has extended its reach beyond its original Windows targets to macOS users. This shift shows how quickly attack techniques change and why vigilance and proactive defences matter.

How to Keep Safe

Protecting against ClearFake and other emerging threats takes proactive steps, including the following:

  • Avoid downloading software from unknown or untrustworthy sources: update Safari through macOS Software Update (in System Settings or System Preferences, depending on your macOS version) and Chrome through Google's own updater or the Chrome app, never through a prompt on a third-party website.
  • Be suspicious of any request to bypass macOS Gatekeeper: if an 'update' walks you through overriding Gatekeeper's warning or allowing an app from an unidentified developer, treat that as a red flag and stop.
  • Before installing an app from outside the Mac App Store, verify its legitimacy: download it only from the vendor's official site and check that it is signed and notarised. A recently registered domain is a warning sign, but domain age alone does not prove a site is legitimate.
  • Keep the operating system and software up to date: this ensures known vulnerabilities are patched and the latest protections are in place.