Threat Intelligence, Malware

ClickFix harnessed in new AMOS malware campaign


Suspected Russian threat actors have exploited the ClickFix attack technique to distribute the Atomic macOS Stealer, or AMOS, malware on macOS systems, according to The Hacker News.

Malicious websites spoofing U.S. telecommunications firm Spectrum have been displaying instructions that lure visitors into completing a CAPTCHA verification check for a connection security review. The check then triggers an error that brings up an "Alternative Verification" button, a report from CloudSEK revealed. Clicking the button copies a command to the user's clipboard and displays instructions directing the user to execute a PowerShell command, which eventually results in the deployment of the AMOS malware.

The findings follow a SlashNext report detailing another ClickFix-style attack campaign involving phony Turnstile pages. "Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they've been conditioned to click through these as quickly as possible. Attackers exploit this 'verification fatigue,' knowing that many users will comply with whatever steps are presented if it looks routine," said SlashNext researcher Daniel Kelley.
