Earlier this year, researchers discovered a new malware named ‘Atomic Stealer’ that tricks users into installing it by showing them a fake Chrome update web page, which asks them to update to the latest version of the browser if they want to see the content on the website.
The malware worked by exploiting vulnerabilities and compromising websites using JavaScript instructions. In October, the malware was spotted using contracts on Binance’s Smart Chain blockchain to hide its scripts, and it infected Windows-powered machines via a campaign named ‘ClearFake’.
A recent post on a website called Infosec Exchange by cybersecurity researcher Ankit Anubhav suggests that the ‘ClearFake’ campaign is now affecting users on macOS as well. A few days later, the news was confirmed by the well-known cybersecurity company Malwarebytes.
When users browse a website compromised by ClearFake, they are shown a fake Chrome or Safari browser update page asking them to update to the latest version if they want to see the content on the website. The template Chrome and Safari update page looks just like the official one and is available in different languages as well.
If users download and install the update from the fake page, the malware steals information like passwords, credit card numbers, Wi-Fi passwords, website logins, documents, cookies and other sensitive data from Windows and macOS machines.
According to a report by Bleeping Computer, the stolen information is then purchased by cybercriminals via Telegram channels for around $1,000 per month. Atomic Stealer, which was discovered earlier this year in March, still remains undetected by around half the anti-virus engines used by the popular malware scanning website VirusTotal.
If you want to stay safe from the malware, make sure to ignore any pages that ask you to update your web browser and only use the built-in updater tool that automatically downloads the latest version.