
Cyber security experts have detected a new malware threat targeting Mac users: Atomic Stealer. The crux of this cyber-attack lies in the exploitation of compromised WordPress websites. When a Mac user inadvertently navigates to one of these infected sites, they are presented with a seemingly legitimate browser update prompt. Assuming this notification is genuine, the unsuspecting user runs the supposed update and, in doing so, installs the Atomic Stealer malware onto their device.

This alarming development marks a significant shift in malware tactics, as it’s the first time that this type of browser-update scam has been employed against Mac users. The campaign, dubbed ClearFake, cleverly exploits users’ trust in their web browsers, capitalising on the natural inclination to update software to maintain security.

How Atomic Stealer Works

The malware’s modus operandi is deceptively simple yet highly effective. When a victim visits a hacked website, a malicious script triggers a pop-up notification disguised as a genuine browser update prompt. The message typically alerts the user to an urgent update to fix security vulnerabilities or enhance browser performance.

The fake update prompts appear for both Safari and Chrome.

Unsuspecting users who click on the update button trigger the download of Atomic Stealer. Once installed, the malware infiltrates the system, stealthily gathering sensitive information. It specifically targets passwords stored in various browsers, including Chrome, Firefox, and Safari, as well as cryptocurrency wallet data.

The malware’s reach extends further, capturing browsing history, cookies, and other identifying information. It can even exfiltrate local files, including documents, images, and other personal data.

Protecting Your Mac from Atomic Stealer

Mac users should heighten their vigilance in the face of this emerging threat. Here are some key preventive measures to safeguard your macOS devices from Atomic Stealer:

1.   Exercise Caution with Downloads: Refrain from downloading files from unverified sources, especially those originating from unknown or suspicious websites.

2.   Enable Web Protection Tools: Use reputable web security software to detect and block malicious websites and browser-update prompts.

3.   Keep Software Updated: Ensure your macOS operating system, web browsers, and other essential software are updated to the latest versions. These updates often include bug fixes and security patches that can help thwart malware attacks.

4.   Beware of Phishing Attempts: Be wary of suspicious pop-up notifications or emails that urge you to update your browser or provide personal information. Legitimate updates are typically initiated from within the browser, not through external prompts.
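
The rule in point 4 can be turned into a simple triage check over a Mac's downloads. The following is an added example, not part of the original article: it flags files that a browser downloaded, that are named like a Safari or Chrome update, and that did not come from a vendor host. It assumes each file's `com.apple.quarantine` value (readable with `xattr -p com.apple.quarantine <file>`) and origin URL have already been collected; the sample records, the vendor domain list and the filename pattern are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Assumption: hosts treated as legitimate sources of browser installers.
VENDOR_DOMAINS = ("apple.com", "google.com")
# Assumption: filename pattern for a file posing as a Safari/Chrome update.
LURE = re.compile(r"(safari|chrome).*(update|upgrade)|(update|upgrade).*(safari|chrome)", re.I)
BROWSER_AGENTS = {"safari", "chrome", "google chrome", "firefox"}

def parse_quarantine(value):
    """Parse a com.apple.quarantine value: flags;hex_epoch;agent;uuid."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return {"flags": parts[0], "downloaded": when, "agent": parts[2]}

def from_vendor(url):
    """True only if the origin host is a vendor domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def triage(records):
    """Return (name, reason) pairs for downloads that need a closer look."""
    findings = []
    for name, qattr, origin in records:
        try:
            agent = parse_quarantine(qattr)["agent"]
        except (ValueError, OverflowError, OSError):
            findings.append((name, "malformed quarantine attribute"))
            continue
        lure = agent.lower() in BROWSER_AGENTS and LURE.search(name)
        if lure and not from_vendor(origin):
            host = urlparse(origin).hostname
            findings.append((name, f"update lure via {agent} from {host}"))
    return findings

# Constructed sample records: (filename, quarantine value, origin URL).
SAMPLES = [
    ("Safari Update.dmg", "0083;655f1c80;Safari;", "https://blog.example.org/post"),
    ("googlechrome.dmg", "0083;655f1c80;Safari;", "https://dl.google.com/googlechrome.dmg"),
    ("ChromeUpdate.dmg", "0081;655f1c80;Chrome;", "https://shop.example.net/"),
    ("notes.pdf", "garbage", "https://example.com/notes.pdf"),
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLES):
        print(f"{name}: {reason}")
```

A hit is a prompt for a closer look, not a verdict: confirm by checking the file's signature and where the download was initiated.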

Actions to Take Upon Suspected Infection

If you suspect that Atomic Stealer may have compromised your Mac, take immediate action to mitigate the damage:

1.   Run Anti-Malware Scans: Utilise reputable anti-malware software to scan your system for any signs of infection and remove the malware if detected.

2.   Change Passwords: Reset all passwords for websites and accounts where you have stored sensitive information. This includes online banking, email, social media, and cryptocurrency wallets.

3.   Monitor Financial Activity: Closely monitor your bank accounts and credit cards for unauthorised transactions. Report any suspicious activity to your bank immediately.
