Skip to main content

PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS

A powerful new malware launched in early 2023 called Atomic macOS Stealer (AMOS) targets Apple users and has become a growing threat. Now, with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.

As a refresher, AMOS is a powerful piece of malware that, once installed on a victim’s machine, can steal iCloud Keychain passwords, credit card numbers, crypto wallets, files, and more.

After the discovery of the early AMOS threats in March and April, the security researchers at Malwarebytes discovered in September that Mac users were installing AMOS through fake Google Search ads.

In the latest chapter of the pernicious software, Malwarebytes reports that fake Safari and Chrome browser updates are now being used to sneak AMOS onto victims’ Macs (via Ankit Anubhav).

The new approach with AMOS is called “ClearFake,” which was a notable attack previously seen against Windows machines.

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.

The approach works by threat actors using compromised websites to deliver fake Safari and Chrome updates.

Here’s the fake Safari update – which is easy to spot for Apple veterans with super old Safari and iCloud icons – but of course, many people may be fooled as it uses Apple’s normal update language:

via Malwarebytes

And here’s the fake Chrome update that’s more convincing:

via Malwarebytes

For a closer look at how the ClearFake delivery of AMOS works, check out the full post from Malwarebytes.

How to protect against Atomic macOS Stealer (AMOS)

Fortunately, this new attack method is totally preventable:

  • Don’t download software from untrusted or unknown sources – update Safari directly from your Mac in System Settings or Chrome directly from Google or within the Chrome app.
  • Be wary if an app asks you to bypass macOS GateKeeper protections.
  • If you do want to download an app outside Apple’s Mac App Store, check when the website was created.

How to check your Mac for malware

If you want to do a checkup on your Mac to make sure there’s no malware or adware, Malwarebytes offers a free app (for individuals) to find and remove it. Malwarebytes also offers its Browser Guard for Chrome, Firefox, and Edge at no cost for personal use.

More options include CleanMyMac XNorton, and McAfee. Read more tips in our full guide on:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.