Skip to main content

Beware of fake browser updates on your Mac

Pop-ups for web browser updates on your Mac could be a malicious malware campaign known as ClearFake, whose intention is to steal personal data.

If you use a Mac, you may have seen some pop-ups or notifications urging you to update your web browser. 

But before you click on them, you should know that they could be part of a malicious malware campaign called ClearFake, which is designed to steal your personal data.

What is ClearFake?

ClearFake is the name given to a malware campaign that uses fake browser updates to infect your Mac with a credential stealer called Atomic Stealer. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

This campaign was first discovered by security company Malwarebytes in its threat research report. According to Malwarebytes, ClearFake is one of the first social engineering campaigns that targets both Windows and Mac users with fake browser updates.

MORE: 34 BEST BLACK FRIDAY DEALS STILL GOING

How ClearFake tricks you into installing Atomic Stealer on your Mac

The ClearkFake campaign uses compromised websites to redirect you to a landing page that looks very realistic and mimics the official website of Google Chrome or Safari. The landing page tells you that your browser is outdated and that you need to download the latest version. However, the download link is actually a DMG file that contains Atomic Stealer.

If you download and open the DMG file, you will see a fake installer that asks you to enter your administrative password. This is how the malware gets permission to run commands on your Mac and enables its stealing capabilities. The malware then collects your data and sends it to a command and control server that is controlled by the hackers behind the ClearFake campaign.

What is Atomic Stealer?

Atomic Stealer is a type of malware that targets macOS devices and can access your credentials, cookies, browser history and sensitive files. It can also capture your screen and record your keystrokes. It is one of the most advanced and stealthy stealers for macOS, and it is sold on underground forums for a high price. Atomic Stealer is not a new threat, but it has a new way of infecting your Mac through fake browser updates.

How to protect yourself from ClearFake and Atomic Stealer?

To protect yourself from these threats, you should follow these steps:

Use a reliable antivirus software and keep it updated. Antivirus software can detect and remove malware from your device and prevent them from infecting your system. You should actively keep antivirus running in the background on your devices, scan your devices regularly and update your antivirus software to the latest version. See our review of the Best Antivirus Protection of 2023 here.

FACEBOOK ACCOUNTS HIT WITH MALICIOUS AD ATTACK WITH DANGEROUS MALWARE

Avoid clicking on suspicious links or attachments. Phishing emails and websites can look very convincing, but they may contain malicious links or attachments that can infect your device or redirect you to fake pages. You should always check the sender’s address, the URL of the link and the content of the message before clicking on anything. If you are not sure, do not open it or contact the sender to verify.

Use strong and unique passwords for your online accounts. Passwords are the first line of defense against credential stealers. You should use passwords that are long, complex and different for each account. You can also use a password manager to generate and store your passwords securely.

Enable two-factor authentication (2FA) whenever possible. Two-factor authentication adds an extra layer of security to your online accounts by requiring a second factor, such as a code sent to your phone or an email to log in. This way, even if your password is stolen, the attacker cannot access your account without the second factor.

Be careful about what you share online. Some websites and applications may ask you for personal information, such as your name, address, phone number or Social Security number. You should only provide this information if you trust the website or application and if it is necessary. You should also review your privacy settings and limit who can see your online activity.

What to do if you shared your information with a scammer?

If you think you've become the victim of a scam, contact the Better Business Bureau. You can file a complaint 24/7. 

NEW CISA WARNING: THANKSGIVING CLICKJACKING THREAT IN POPULAR BROWSERS

Besides the BBB, you can also use IdentityTheft.org or call 877-438-4338 if you feel that your identity has been stolen or misused.

Double-check all your financial accounts

If you notice any suspicious activity on your bank accounts or credit card statements, contact your bank and credit card company immediately.

Use Identity theft protection

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. The great part of an identity theft company like my No. 1 pick is that you’re provided with your own personal case manager that will help you recover any losses.

See my tips and best picks on how to protect yourself from identity theft here.

Kurt's key takeaways

ClearFake and Atomic Stealer are examples of how threat actors are constantly evolving their techniques and expanding their targets. If you use a Mac, do not assume that you are immune to malware. You should always be vigilant about the online threats you may encounter.

Have you ever encountered a fake browser update on your Mac? How do you keep your device secure from malware? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Answers to the most asked CyberGuy questions:

Copyright 2023 CyberGuy.com. All rights reserved

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.