Mac Users Targeted In Browser Scam

Mac users have been warned to watch out for bogus updates to the Safari and Chrome browsers. It's a scam to spread data-stealing malware.

The AMOS malware, also called Atomic Stealer, is particularly nasty as it targets data stored or transmitted by web browsers. This includes login details, passwords, and credit card numbers. It also looks for cryptocurrency wallets, which give access to Bitcoin and other cryptocurrencies that can be stolen and turned into cash. (Source: malwarebytes.com)

The malware has been around since the spring when the scammers targeted people searching for popular apps. They used online ads to appear on Google search results page, then tricked users into downloading bogus copies of the app that actually housed the malware.

The new variant of the scam involves hijacking websites that have themselves been hit by malware. The scammers replace the website's legitimate content with bogus pages that warn users they need an update to Safari or Chrome.

Playing On Fears

The warnings pressure users either by saying they face a security threat or that they need to update the browser in order to view the page. The bogus pages look relatively plausible because they mirror official Apple and Google logos, design, wording and typography, though some of the icons are outdated on the Safari version. (Source: 9to5mac.com)

The scam does require some user action depending on the setup, including typing in an administrative password or giving permission to bypass a Mac security feature called GateKeeper.

Browsers Update Automatically

As usual, it's a number game. At each stage of the scam, there's a good chance most users will avoid being fooled, leaving only a tiny percentage who actually install the malware and don't have it flagged up by security software. However, the scam is likely relatively inexpensive to pull off and a tiny percentage of a huge audience can still make for a lot of victims.

A key thing to remember with this particular scam is that Safari and Chrome both automatically update themselves, usually installing the update when the browser is next opened. While it's not a bad idea to occasionally check the browser is indeed up to date, users can do this in settings menus of the browsers themselves. There's never any need to use a website to update these browsers.

What's Your Opinion?

Have you spotted these bogus pages? Does it matter that most users won't fall for this scam? Should Apple and Google give clearer warnings to users to be wary of such scams?