Beware of fake browser updates on your Mac

It’s possible that you’ve received notifications or pop-ups on your Mac asking you to upgrade your web browser.

However, before you click on one, you should be aware that it can be part of a malware campaign known as ClearFake, which aims to steal your personal information.

What is ClearFake?

A malware operation known as ClearFake utilizes phony browser upgrades to infect your Mac with Atomic Stealer, a credential stealer.

Security firm Malwarebytes originally found this campaign in one of its threat research reports. Malwarebytes claims that ClearFake is one of the earliest social engineering schemes to use fictitious browser upgrades to trick users of both Mac and Windows platforms.

A fake Safari browser update (Malwarebytes)

How ClearFake tricks you into installing Atomic Stealer on your Mac

The ClearFake campaign exploits hacked websites to send you to a landing page that imitates the official Google Chrome or Safari website and looks quite authentic. The landing page informs you that your browser is out of date and that you need to download the most recent version. But the download link on that page actually delivers a DMG file that contains Atomic Stealer.

A phony installer will appear when you download and launch the DMG file, requesting your administrative password. This is how the malware activates its stealing capabilities and obtains authorization to execute commands on your Mac. After that, the malware gathers your information and transmits it to a command and control server run by the hackers responsible for the ClearFake campaign.

A fake Google browser update (Malwarebytes)
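
The delivery step described above can be checked from the defender's side: a disk image that claims to be a browser but was not downloaded over HTTPS from the browser vendor's own domain deserves scrutiny. The following is an added example, not code from Malwarebytes or from this article; the allow-list, function names and sample records are assumptions constructed for illustration (on a Mac, the download URL could be read from the kMDItemWhereFroms metadata saved with the file).

```python
from urllib.parse import urlsplit

# Assumed allow-list of vendor download domains; adjust for your environment.
VENDOR_DOMAINS = {"chrome": ("google.com",), "safari": ("apple.com",)}

# Constructed sample records: (downloaded file name, URL it was fetched from).
SAMPLE_DOWNLOADS = [
    ("googlechrome.dmg", "https://dl.google.com/chrome/mac/googlechrome.dmg"),
    ("Safari.dmg", "https://updates.compromised-site.example/Safari.dmg"),
    ("ChromeUpdate.dmg", "https://google.com.browser-update.example/ChromeUpdate.dmg"),
    ("notes.dmg", "https://files.example/notes.dmg"),
]

def parse_origin(url):
    """Return (scheme, hostname) in lower case, or ('', '') if unparsable."""
    try:
        parts = urlsplit(url)
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:
        return "", ""

def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def claimed_browser(filename):
    """Which browser, if any, a disk image's file name claims to be."""
    name = filename.lower()
    if not name.endswith(".dmg"):
        return None
    return next((b for b in VENDOR_DOMAINS if b in name), None)

def triage(downloads):
    """Return (filename, host) for browser-named DMGs not from a vendor host."""
    flagged = []
    for filename, url in downloads:
        browser = claimed_browser(filename)
        if browser is None:
            continue  # not a disk image that claims to be a browser
        scheme, host = parse_origin(url)
        trusted = scheme == "https" and any(
            host_matches(host, d) for d in VENDOR_DOMAINS[browser])
        if not trusted:
            flagged.append((filename, host))
    return flagged

if __name__ == "__main__":
    for filename, host in triage(SAMPLE_DOWNLOADS):
        print(f"SUSPICIOUS: {filename} downloaded from {host or 'unknown host'}")
```

The dot-boundary check in host_matches is what rejects lookalike hosts that merely begin with a vendor's domain name.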

What is Atomic Stealer?

Malware known as Atomic Stealer targets macOS devices and has the ability to steal confidential data, cookies, browser histories, and login credentials. It also has the ability to record your keystrokes and capture your screen.

It is one of the most sophisticated and covert stealers available for macOS, and it costs a lot of money to purchase on underground forums. Although Atomic Stealer is not a brand-new threat, it can now infect your Mac through fake browser updates.

A fake Safari browser update (Malwarebytes)

How to protect yourself from ClearFake and Atomic Stealer?

You ought to take the following actions to safeguard yourself from these dangers:

Make use of a reputable antivirus program and keep it updated. Antivirus software can find and remove malware and keep it from infecting your machine. It is recommended that you keep your antivirus software up to date, scan your devices frequently, and leave it running in the background on your devices.

Refrain from clicking on dubious attachments or URLs. Although phishing emails and websites can appear quite real, they might include harmful attachments or links that could infect your device or take you to untrusted websites. Before clicking on anything, you should always verify the sender’s address, the link’s URL, and the message’s content. If you are unsure, do not open it, or get in touch with the sender to make sure.

Make sure your internet accounts have secure and distinctive passwords. The first line of protection against credential thieves is a strong password. It is recommended that you use unique, lengthy passwords for every account. You can also use a password manager to create and safely keep your passwords.

Whenever feasible, turn on two-factor authentication (2FA). By adding a second factor, like a code sent to your phone or an email, to your login process, two-factor authentication strengthens the security of your online accounts. In this manner, the attacker will be unable to access your account without the second factor, even if your password is taken.

Think twice before sharing anything online. Certain websites and applications may ask you for personal information like your name, address, phone number, or Social Security number. You should only submit it if you believe the website or application is trustworthy and the information is required. Limiting who can observe your online activity and reviewing your privacy settings are also important.

What to do if you shared your information with a scammer?

Scam victims should get in touch with the Better Business Bureau if they believe they have been duped. You can always register a grievance.

If you believe that your identity has been stolen or misused, you can report it to the BBB as well as use IdentityTheft.org or give them a call at 877-438-4338.

Double-check all your financial accounts

Get in touch with your bank and credit card company as soon as you see anything fishy on your statements or bank accounts.

Use Identity theft protection

Identity theft organizations are able to keep an eye on private data, such as your phone number, email address, and Social Security number, and notify you if it is being used to register accounts or sold on the dark web. They can also help you freeze your credit card and bank accounts to stop fraudsters from using them further. An excellent feature of an identity theft organization such as my top choice is that you will be assigned a personal case manager who will assist you in recouping any losses.

Key takeaways

ClearFake and Atomic Stealer are examples of how threat actors are always broadening their targets and refining their approaches. Don’t think that using a Mac protects you from malware. You should constantly be on the lookout for any online attacks.
