Fake Safari and Chrome updates infect Mac devices with AMOS malware
- Fake Google Chrome and Safari updates are being used to distribute the Atomic Stealer malware, also known as AMOS, on macOS devices.
- The malware is distributed through social engineering tactics, hijacking WordPress websites to lure users into downloading the malicious updates.
- AMOS can steal passwords, private files, and other sensitive data from infected Mac computers.
Mac users are being targeted by a new wave of malware attacks that utilize fake browser updates to infiltrate their systems. The malware, known as Atomic Stealer or AMOS, is being distributed through a social engineering campaign that hijacked WordPress websites to deliver fake Chrome and Safari updates.
The fake updates pose as legitimate software downloads from trusted sources. Once on the victim's computer, the malware asks for an administrator password, which enables it to retrieve confidential information from the device.
Researchers from Malwarebytes identified the latest version of Atomic Stealer and its distribution method through the ClearFake campaign. They discovered that the malware is delivered via hijacked websites that closely resemble official browser download pages. In the case of Chrome, the fake update page is particularly convincing, while the Safari update page uses outdated icons from older macOS versions.
To avoid this malware, users should not download software from unfamiliar sites. They should also enable the web protection settings in their browsers, such as Safe Browsing in Chrome, to prevent malicious sites from loading.
Additionally, users should be aware that Apple does not distribute Safari updates outside of operating system updates. Therefore, there are no official Safari downloads that can be installed independently.
By staying vigilant and following these precautions, Mac users can help safeguard their devices against malware attacks like Atomic Stealer.