New Apple Passwords Attack Confirmed — What You Need To Know

Posted by Davey Winder, Senior Contributor | 4 hours ago | /consumer-tech, /cybersecurity, /innovation, Consumer Tech, Cybersecurity, Innovation, standard | Views: 11


Although it is far more commonplace to read about password attacks against users of the Windows operating system, or targeting services such as Gmail, the truth of the matter is that nobody is safe from the credential-theft threat as this newly confirmed Apple password-stealing attack illustrates. Here’s what you need to know about the AMOS campaign targeting macOS users.


What You Need To Know About The AMOS Apple Passwords Attack

The latest adversary intelligence report from Koushik Pal, a threat researcher at CloudSEK, has warned users that a newly identified Atomic macOS stealer campaign utilizing a previously unknown variant has been observed targeting the Apple operating system.

Although this latest and ongoing threat leverages well-known existing tactics and techniques, such as the Clickfix fake CAPTCHA screen and multi-platform social engineering, the danger it poses to macOS users remains high nonetheless.

The latest variant of the Atomic macOS Stealer, better known as AMOS, has been observed using Clickfix attack sites that impersonate a U.S. support services company within the cable TV, internet provision, mobile phone, and managed services sectors. The brand impersonation in this case is made possible by way of typo-squatting domains that appear similar to the genuine article.


“The macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation,” Pal warned. This script then uses native macOS commands to “harvest credentials, bypass security mechanisms, and execute malicious binaries.” This is, to be fair, as significant a threat to your Apple passwords as you are going to get.

The campaign targets both consumer and corporate users, highlighting a trend in multi-platform social engineering attacks, and Pal said that source code comments suggested that Russian-speaking cybercriminals are behind the new AMOS threat campaign.

The AMOS malware utilises legitimate utilities to circumvent endpoint security controls and extract macOS user passwords, which can then be used for lateral movement or sold to initial access brokers for use in other cybercriminal campaigns, including ransomware attacks.

By way of mitigation, Pal recommended that users be educated about the tactics used by such Apple password-stealing campaigns, “especially those disguised as system verification prompts.”

