One well-liked Mac OS stealer is Atomic Stealer, or AMOS. We previously reported on how malicious advertisements were luring people into installing this malware in September, disguising it as a well-known application. The threat actors can reach a larger audience by stealing credentials and files of interest that can be quickly monetized or used for other assaults, thanks to an expanding list of hacked sites at their disposal.
An intriguing recent development is that Mac users are now receiving AMOS through a fraudulent browser update chain identified as “ClearFake.” This might be the first time one of the major social engineering campaigns—which were previously exclusive to Windows—branches out beyond geolocation.