Recent cybersecurity reports reveal a concerning malware campaign targeting macOS users through a sophisticated social engineering tactic known as ClickFix. Cybersecurity firm CloudSEK has identified the malicious installation of the Atomic macOS Stealer (AMOS) malware, facilitated by typosquat domains resembling the U.S. telecom provider Spectrum. Users are misled to believe they're on a legitimate site, presented with a CAPTCHA challenge, and ultimately instructed to execute a malicious shell script that steals system credentials and installs AMOS. The attackers are suspected to be Russian speakers, as indicated by comments in the malware's code.
Cybersecurity researchers have discovered a malware campaign targeting macOS users via social engineering tactics, leveraging typosquat domains to deliver an information stealer known as Atomic macOS Stealer (AMOS).
The attack begins with users being directed to a fraudulent site impersonating Spectrum, prompting them through a series of misleading messages that lead to the execution of a malicious shell script.
Once executed, the shell script prompts users for their system password and subsequently downloads the Atomic Stealer payload, exploiting native macOS commands for credential theft.
Research indicates that the cybercriminals behind this campaign may be Russian-speaking, based on the presence of Russian-language comments in the malware's code.