Mac users have faced a malware campaign that hides behind fake browser update alerts. The infection spreads through hacked sites and appears as counterfeit updates for Google Chrome and Apple Safari. The compromised files are crafted to look like legitimate browser updates, tricking users into installing them.
In these files, families of malware such as RedLine, Amadey, and Lumma have been detected. The attack is launched via a credential-stealing tool known as Atomic Stealer, distributed by cybercriminals through Telegram groups for a price around one thousand dollars. Once activated, the tool can extract saved passwords, cookies, payment card details, and it can reach local files on the machine.
Experts advise Mac owners to be extra cautious and to reject any software update offers that look dubious or come from untrusted sources. Only official channels should be used to update browser software, and users should verify the origin of any update before installing.
Security researchers warn that infected Chrome and Safari updates have appeared on the internet, and that the AMOS family of malware has been observed in the wild for some time. The attack generally unfolds with a Google Search advertisement or an advertisement on a webpage that promotes downloading a browser update, steering users toward the malicious package.
In related context, public activity on social platforms has shifted focus after notable changes in platform policies and communication channels. These developments underscore the importance of staying informed about online security and the evolving methods used by attackers to distribute malware.
Users are reminded that legitimate software updates do not require payment through chat groups or unfamiliar payment methods. If an offer seems unusual or asks for unusual permissions, it should be treated with suspicion and investigated through official channels. Keeping software up to date, enabling security features, and using reputable security tools significantly reduces risk.