chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers' command-and-control (C2) servers.
GNU General Public License v3.0

Block `ClearFake` macOS Update malware #388

Closed summercms closed 7 months ago

summercms commented 7 months ago

Enhancement idea

Description

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.

In October 2023, we saw a significant development for the malicious operation, which leveraged Binance Smart Chain contracts to hide its malicious scripts supporting the infection chain in the blockchain. This was blocked in issue: https://github.com/chartingshow/crypto-firewall/issues/151

Links

https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates

https://urlhaus.abuse.ch/browse/tag/ClearFake/

https://threatfox.abuse.ch/browse.php?search=malware%3AClearFake

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

3ol33lgbrvyjk3d.com
4m9q0m87vnmx0d1.com
acotechgh.com
adqdqqewqewplzoqmzq.site
alicortech.com
beksystems.com
bgobgogimrihehmxerreg.site
boiibzqmk12j.com
borbrbmrtxtrbxrq.site
brushremovalequipment.com
chalomannoakhali.com
cnswg1vzx6heh0f.com
concgc.com
d693na2y4mpkhr34.vip
delaneymc.com
dfjoiners.com
doctorkiki.me
dornelesassessoria.com.br
efmdwkmwke.xyz
efmdwkmwkq.xyz
eofjdo3zwxvbi57.com
ewkekezmwzfevwvwvvmmmmmmwfwf.site
excellentpatterns.com
gkrokbmrkmrxtmxrxr.space
howmuchtimeuneed.online
hwthurmann.de
ioiubby73b1n.com
jaminzaidad.com
jonathanbonnici.com
komomjinndqndqwf.store
kronosmagazine.com
l0yolufbw5yeabs.com
lminoeubybyvq.com
lollyjayconcepts.com
longlakeweb.com
mcguffinboots.com
midatlanticlabel.com
nazarenoagape.com.br
ocmtancmi2c5t.live
oiouhvtybh291.com
oiqwbuwbwqznjqsdfsfqhf.site
ojhggnfbcy62.com
omdowqind.site
opkfijuifbuyynyny.com
opmowmokmwczmwecmef.site
poibvyctm21e.com
poqwjoemqzmemzgqegzqzf.online
pwwqkppwqkezqer.site
reedx51mut.com
royaltrustrbc.com
sioaiuhsdguywqgyuhuiqw.org
stats-best.site
stats-tracked.com
thebestthings1337.online
theoptimistfirst.site
thiago-medeiros.com
u513fdanj.online
u513fdanj.website
ug62r67uiijo2.com
vollfisioterapia.com.br
vrgavaras.com
weomfewnfnu.site
wffewiuofegwumzowefmgwezfzew.site
wifi-ber.com
wnimodmoiejn.site
wsexdrcftgyy191.com

IPs

109.248.206.101
109.248.206.106
109.248.206.118
109.248.206.122
109.248.206.138
109.248.206.153
109.248.206.157
109.248.206.159
109.248.206.160
109.248.206.196
109.248.206.49
109.248.206.51
109.248.206.83
178.236.246.213
185.192.111.195
185.192.111.198
185.192.111.199
185.192.111.201
185.192.111.202
185.192.111.203
194.169.175.117
217.196.96.217
45.61.128.156
62.182.156.148

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a
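The domains and IPs above are only useful once something matches traffic against them, and naive substring matching gets this wrong in both directions (it misses subdomains of a listed domain and false-positives on look-alikes such as `notstats-best.site`). The following is an added example, not code from the crypto-firewall project: it loads a subset of the IOCs from this issue and walks a handful of constructed dnsmasq-style query lines and firewall connection lines, matching hostnames by label suffix and destination addresses by exact IP. The log format, the `query[...]`/`conn` line shapes and the `scan_log` function name are assumptions made for illustration.

```python
"""Added example (not part of the crypto-firewall project): match log lines
against the ClearFake IOC domains and IPs posted in this issue."""
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple

# Subset of the IOC domains and IPs from this issue (see the lists above).
IOC_DOMAINS = {
    "stats-best.site",
    "stats-tracked.com",
    "u513fdanj.online",
    "kronosmagazine.com",
}
IOC_IPS = {
    ipaddress.ip_address(a)
    for a in ("109.248.206.101", "185.192.111.195", "45.61.128.156")
}

# Constructed log line shapes (assumption: a dnsmasq-style resolver line and a
# firewall "conn" line); adapt the regexes to the real log source.
DNS_QUERY = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<src>\S+)")
CONN = re.compile(r"conn (?P<src>\S+) -> (?P<dst>[0-9.]+):\d+")


def domain_matches(hostname: str) -> Optional[str]:
    """Return the IOC domain covering `hostname` (exact or any subdomain).

    Matching is done on whole labels, so `cdn.stats-best.site` matches
    `stats-best.site` but `notstats-best.site` and
    `stats-best.site.evil.example` do not.
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def ip_matches(address: str) -> Optional[str]:
    """Return the IOC IP equal to `address`, or None (also for non-IP input)."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return None
    return str(ip) if ip in IOC_IPS else None


def scan_log(lines: Iterable[str]) -> List[Tuple[int, str, str, str]]:
    """Scan log lines; return (line_no, source_host, kind, indicator) hits."""
    hits: List[Tuple[int, str, str, str]] = []
    for line_no, line in enumerate(lines, 1):
        m = DNS_QUERY.search(line)
        if m:
            hit = domain_matches(m.group("name"))
            if hit:
                hits.append((line_no, m.group("src"), "domain", hit))
            continue
        m = CONN.search(line)
        if m:
            hit = ip_matches(m.group("dst"))
            if hit:
                hits.append((line_no, m.group("src"), "ip", hit))
    return hits


# Constructed sample log: one subdomain hit, one look-alike non-hit, one
# direct connection to a listed IP, and two benign lines.
SAMPLE_LOG = """\
Nov 21 10:15:02 gw dnsmasq[1234]: query[A] cdn.stats-best.site from 192.168.1.20
Nov 21 10:15:02 gw dnsmasq[1234]: query[A] www.example.org from 192.168.1.21
Nov 21 10:15:03 gw dnsmasq[1234]: query[A] notstats-best.site from 192.168.1.22
Nov 21 10:15:04 gw fw: conn 192.168.1.20 -> 109.248.206.101:443
Nov 21 10:15:05 gw fw: conn 192.168.1.23 -> 93.184.216.34:443
"""

if __name__ == "__main__":
    for line_no, src, kind, indicator in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {src} contacted IOC {kind} {indicator}")
```

Label-suffix matching is what a DNS blocklist (Pi-hole, dnsmasq `address=/domain/`) effectively does, so this mirrors how the listed domains behave once they land in the firewall lists; IPs are matched exactly rather than by prefix, because the issue lists individual addresses and not netblocks.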