Macs targeted by Atomic Stealer through fraudulent browser updates

Threat actors have been targeting macOS devices with the Atomic Stealer information-stealing malware, also known as AMOS, through fraudulent web browser updates as part of the new "ClearFake" campaign, The Hacker News reports. Hacked WordPress sites modified to resemble fake browser updates have been leveraged to facilitate the deployment of a DMG file with Atomic Stealer, a technique which has also been used by other threat operations, including TA569, also known as SocGholish; ZPHP, also known as SmartApeSG; RogueRaticate, also known as FakeSG; and EtherHiding to spread information-stealing malware, a report from Malwarebytes showed. "The popularity of stealers such as AMOS makes it quite easy to adapt the payload to different victims, with minor adjustments," said Malwarebytes researcher Jerome Segura. Such a development comes after an updated LummaC2 infostealer was reported by Outpost24 to have utilized trigonometry to commence activity upon detection of human behavior, as well as facilitate Google cookie extraction.