Mac owners, beware of ClearFake: How fake Chrome, Safari updates are spreading dangerous malware

Nov 23, 2023 - 10:30

Despite the name, ClearFake has nothing to do with deepfakes. It is a fake-browser-update campaign that delivers an information stealer, and it has now turned its attention to Mac users, whose saved passwords, documents and cryptocurrency wallets are the prize. Security researchers are treating it as a serious new threat to the Mac.

Security researchers are warning about a new wave of malware aimed at macOS users through fake Google Chrome and Safari updates. The malicious software, an information stealer known as Atomic Stealer or AMOS, is being pushed by a social engineering campaign designed to compromise Mac computers.

Details of this latest threat were shared by cybersecurity firm Malwarebytes, shedding light on the tactics employed by attackers.

The malware is disseminated through a campaign called ClearFake, which injects JavaScript into compromised WordPress websites so that visitors are shown counterfeit update prompts for Google Chrome and Safari. Ankit Anubhav, a prominent security researcher, recently identified instances of AMOS being delivered to macOS users through ClearFake.

The deceptive pages closely mimic the legitimate Google Chrome download page; the fake Safari update page is less polished, using outdated icons from older macOS versions. Despite such visual clues, the pages are well crafted enough to trick unsuspecting users, and the fake Chrome download page in particular is highly convincing.

Clicking the download button fetches a malicious .dmg file disguised as a browser installer. Once opened, it displays a prompt for the user's administrator password; entering it hands the password to the malware, which then runs its collection commands on the device.

Those commands dump passwords from Apple's Keychain and harvest sensitive documents, images, cryptocurrency wallet files and other data from the user's Desktop and Documents folders.
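Before opening a disk image that arrived this way, a practitioner can have Gatekeeper and codesign vouch for it rather than trusting the page it came from. The Python below is an added example, not code from the article or from Malwarebytes. It assumes macOS with the stock spctl and codesign tools; EXPECTED_TEAM_ID is the Developer ID team identifier this example expects for Google's signed builds and should be confirmed against a known-good Chrome install before being relied on. The sample tool outputs quoted in the docstrings are constructed.

```python
"""Verify a downloaded macOS disk image before opening it.

Added example, not from the article or Malwarebytes. Assumes macOS with the
stock spctl and codesign tools. EXPECTED_TEAM_ID is the Developer ID team
identifier this example expects for Google's signed builds; confirm it on a
trusted machine with
    codesign -dv "/Applications/Google Chrome.app" 2>&1 | grep TeamIdentifier
before relying on it. The sample tool outputs quoted in the docstrings are
constructed.
"""
import os
import re
import shutil
import subprocess
from dataclasses import dataclass

EXPECTED_TEAM_ID = "EQHXZ8M8AV"   # assumption: Google LLC's team ID, see module docstring


@dataclass
class Verdict:
    ok: bool
    reason: str


def parse_spctl(output: str) -> tuple:
    """(accepted, source) from `spctl -a -vv` output, which looks like
        Chrome.dmg: accepted
        source=Notarized Developer ID
    or, for an unsigned fake installer,
        Update.dmg: rejected
        source=no usable signature
    """
    accepted = re.search(r":\s*accepted\s*$", output, re.MULTILINE) is not None
    m = re.search(r"^source=(.*)$", output, re.MULTILINE)
    return accepted, (m.group(1).strip() if m else "")


def parse_codesign(output: str) -> dict:
    """key=value lines from `codesign -dvv`. Authority repeats once per
    certificate in the chain, so it is collected as a list."""
    info = {"Authority": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info[key] = value
    return info


def verify_dmg(path: str, expected_team_id: str = EXPECTED_TEAM_ID) -> Verdict:
    """Gatekeeper assessment plus a signer check. Only a notarized image whose
    signing team matches is approved; everything else is a do-not-open."""
    if not os.path.isfile(path):
        return Verdict(False, f"file not found: {path}")
    if not (shutil.which("spctl") and shutil.which("codesign")):
        return Verdict(False, "spctl/codesign not available (not macOS?)")

    # 1. Would Gatekeeper accept opening this image? Unsigned or ad-hoc-signed
    #    images come back "rejected". This is Apple's documented invocation
    #    for assessing a disk image; spctl writes its verdict to stderr.
    sp = subprocess.run(
        ["spctl", "-a", "-t", "open", "--context", "context:primary-signature", "-vv", path],
        capture_output=True, text=True)
    accepted, source = parse_spctl(sp.stdout + sp.stderr)
    if not accepted:
        return Verdict(False, f"Gatekeeper rejected the image ({source or 'no source'})")
    if "Notarized" not in source:
        return Verdict(False, f"accepted but not notarized ({source})")

    # 2. A valid Developer ID signature only proves that some developer
    #    account signed it. Pin the signer's team to the one we expect.
    cs = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    info = parse_codesign(cs.stderr)       # codesign -d reports on stderr
    team = info.get("TeamIdentifier", "")
    if team != expected_team_id:
        return Verdict(False, f"signer team {team or '(none)'} != {expected_team_id}; "
                              f"authority chain {info['Authority']}")
    leaf = (info["Authority"] or ["?"])[0]
    return Verdict(True, f"notarized and signed by team {team} ({leaf})")


if __name__ == "__main__":
    import sys
    v = verify_dmg(sys.argv[1])
    print(("OK TO OPEN: " if v.ok else "DO NOT OPEN: ") + v.reason)
```

Run it as `python3 verify_dmg.py ~/Downloads/googlechrome.dmg` before double-clicking the image. The team-ID pin is the part that matters: Gatekeeper acceptance alone only says the signer holds a Developer ID, not that the signer is Google.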

To guard against this threat, experts recommend web protection such as Chrome's Safe Browsing setting, which blocks access to known and suspected malicious sites.

Users are also advised not to download Chrome installers from unfamiliar sources. One key indicator of authenticity is the address bar: the genuine download page is served from google.com itself (www.google.com/chrome), so the host must be google.com or a subdomain of it, not a domain that merely contains the string, such as a made-up google.com.update-check.example. Note, too, that a browser never updates itself through a page you happen to be visiting; Chrome fetches its own updates in the background and reports them under chrome://settings/help.
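The address-bar check is only as good as how it is applied: a host that merely contains google.com, or a URL that places google.com before an @ sign, will pass a careless glance. The following Python is an added example, not code from the article or from Malwarebytes, of doing the comparison on the parsed hostname; the lookalike URLs it exercises are constructed for illustration, not addresses used by the campaign, and the trusted domain is the only assumption.

```python
"""Does this download URL really come from google.com?

Added example, not from the article or Malwarebytes. The trusted domain is
the only assumption: Chrome's genuine download page is served under
www.google.com/chrome/, so the host must be google.com or a subdomain of it.
"""
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("google.com",)


def is_trusted_download(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for an https URL whose hostname IS a trusted domain or a
    subdomain of one. Working on the parsed hostname means userinfo tricks
    (google.com@evil.example), path tricks (evil.example/google.com) and
    lookalike hosts (google.com.evil.example, xn--... punycode) all fail.
    """
    try:
        parts = urlsplit(url)
        # .hostname strips userinfo and port and lowercases the result;
        # a trailing dot ("google.com.") names the same zone, so drop it too.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() != "https" or not host:
        return False
    # Label-boundary match: "google.com" or "*.google.com", never
    # "notgoogle.com" or "google.com.anything".
    return any(host == d or host.endswith("." + d) for d in trusted)


def why(url: str) -> str:
    """Human-readable reason for the verdict, for a warning banner or log line."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() != "https":
        return f"not https (scheme={parts.scheme or 'none'})"
    if not host:
        return "no hostname"
    if is_trusted_download(url):
        return f"host {host} is google.com or a subdomain of it"
    if "google.com" in host:
        return f"host {host} only CONTAINS google.com; it is a different domain"
    if parts.username:
        return f"userinfo '{parts.username}' before @ hides the real host {host}"
    return f"host {host} is not google.com"


if __name__ == "__main__":
    # Constructed sample URLs, not addresses used by the campaign.
    samples = [
        "https://www.google.com/chrome/",
        "https://google.com:443/chrome/",
        "http://www.google.com/chrome/",
        "https://google.com.update-check.example/chrome/",
        "https://google.com@update-check.example/chrome/",
        "https://update-check.example/www.google.com/chrome/",
        "https://www.xn--ggle-0nda.com/chrome/",
    ]
    for u in samples:
        tag = "TRUSTED" if is_trusted_download(u) else "SUSPECT"
        print(f"{tag}  {u}  ({why(u)})")
```

The same label-boundary comparison is what a URL allow-list in a proxy or endpoint agent should do; substring matching on the raw address is exactly the mistake the lookalike hosts are built to exploit.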

It is also essential to note that Apple does not distribute Safari updates independently of macOS updates: they arrive only through Software Update, so there is no official standalone Safari download for any web page to offer.

As cybercriminals increasingly target Mac owners, staying vigilant and adopting proactive measures are crucial to mitigating the risks associated with socially engineered malware campaigns.
