- CloudSEK researchers find fake version of Spectrum website
- The site tricks people into running AMOS through the ClickFix method
- The researchers attributed the attack to a Russian-speaking group
Russian threat actors have been seen using the popular ClickFix method to steal passwords and drop infostealer malware on macOS targets.
CloudSEK security researchers have reported several sites that impersonate Spectrum, a US-based telecommunications provider. Victims visiting these sites were first asked to verify that they are human – the “verification”, however, was designed to “fail”, after which the victims were asked to use “alternative verification”.
It is unclear why the attackers added the extra step – we can assume that it is to throw off the victims and make them lower their guard.
In any case, the “alternative verification” method copies a command to their clipboard, after which the victims are asked to paste and run it on their devices.
The command delivers Atomic macOS Stealer (AMOS), a notorious macOS infostealer that grabs passwords, cryptocurrency wallet data and system information from macOS users.
CloudSEK does not attribute the campaign to any particular threat actor, but it has concluded that the operators are of Russian origin.
“While we inspected the source code on the delivery page, we encountered a few comments in Russian, indicating that the malware is likely to be spread by Russian-speaking cybercriminals,” the company said.
It does not appear that the campaign targeted a particular group of people or businesses, but as it spoofs Spectrum, it is safe to say that the victims are the company’s current or potential customers.
The experts noted that the campaign was put together rather clumsily: “Poorly implemented logic at delivery sites, such as inconsistent instructions across platforms, points to rapidly assembled infrastructure. This campaign highlights an increasing trend in multi-platform social engineering attacks aimed at both consumer and company users,” concluded CloudSEK.
ClickFix has become quite popular in recent times, with various security teams reporting different variants of the technique in the wild.
Via The Hacker News



