In a surprising turn of events, the macOS-targeting data thief known as Atomic has found a new delivery vehicle in a deceptive web browser update chain named ClearFake.
This development, reported by Malwarebytes, may signal a shift in social engineering strategies, breaking away from the traditionally Windows-focused landscape.
A Commercial Malware with a Hefty Price Tag
Atomic Stealer, or AMOS, entered the scene in April 2023, sold as a subscription-based commercial malware at a steep $1,000 per month.
Its capabilities focus on extracting sensitive data from web browsers and cryptocurrency wallets.
Fast forward to September 2023, and Malwarebytes exposed a campaign leveraging malicious Google ads, specifically targeting macOS users seeking the TradingView financial charting platform.
ClearFake Emerges: A Fresh Face in Malware Distribution
ClearFake, for its part, is a budding malware distribution operation that relies on compromised WordPress sites.
Its mission?
To serve up fraudulent web browser update notifications, all in the hope of deploying various stealers and other malware onto unsuspecting systems.
A Closer Look at Windows Hello Authentication Flaws
In a recent revelation, researchers at Blackwing Intelligence have found a series of vulnerabilities that could compromise Windows Hello authentication on laptops, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X.
From Fingerprint Sensor to Exploitation
The vulnerabilities, affecting fingerprint sensors from industry players Goodix, Synaptics, and ELAN, were exposed by Blackwing Intelligence.
These sensors, categorised as “match on chip” (MoC), integrate matching and other biometric functions directly into the sensor’s integrated circuit.
“While MoC prevents replaying stored fingerprint data to the host for matching, it does not, in itself, prevent a malicious sensor from spoofing a legitimate sensor’s communication with the host,” explain the researchers.
Bypassing the Protocols
Although Microsoft's Secure Device Connection Protocol (SDCP) aims to secure the communication channel between host and sensor, the researchers identified a novel method allowing adversaries to bypass these protections and launch adversary-in-the-middle (AitM) attacks.
Expert Guidance and Mitigation Strategies
To counter these vulnerabilities, Blackwing Intelligence recommends that original equipment manufacturers (OEMs) enable SDCP and conduct thorough audits of fingerprint sensor implementations by independent experts.
These measures are crucial for closing the security loopholes exposed by this research.
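The property at stake in the paragraphs above is that the host should only trust a "match" verdict it can bind to a specific, authenticated sensor and to the current unlock attempt. The following Python model is an added illustration, not Blackwing's or Microsoft's code and not SDCP's real message format (which additionally involves device attestation at boot). It assumes a pre-shared pairing key between host and sensor and shows why an unauthenticated channel accepts a rogue device's verdict while a challenge-bound MAC rejects spoofing, replay and tampering:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class MatchMessage:
    """What the sensor sends back to the host after a fingerprint scan."""
    nonce: bytes      # echo of the host's challenge for this scan
    matched: bool     # the sensor's verdict
    tag: bytes        # MAC over (nonce, verdict); empty on an unauthenticated channel


def _mac(key: bytes, nonce: bytes, matched: bool) -> bytes:
    """MAC binding the verdict to the challenge and the pairing key (assumed scheme)."""
    return hmac.new(key, nonce + (b"\x01" if matched else b"\x00"), hashlib.sha256).digest()


class GenuineSensor:
    """Match-on-chip sensor that shares a pairing key with the host (assumed)."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def scan(self, nonce: bytes, matched: bool) -> MatchMessage:
        return MatchMessage(nonce, matched, _mac(self._key, nonce, matched))


class RogueSensor:
    """A device on the bus that knows the wire format but not the pairing key."""

    def scan(self, nonce: bytes) -> MatchMessage:
        return MatchMessage(nonce, True, b"")  # claims a match, cannot compute the tag


def host_accepts_unauthenticated(msg: MatchMessage) -> bool:
    """Host that trusts the bus: anything that says 'matched' unlocks the machine."""
    return msg.matched


def host_accepts_authenticated(key: bytes, nonce: bytes, msg: MatchMessage) -> bool:
    """Host that binds the verdict to a fresh challenge and the pairing key."""
    if msg.nonce != nonce:
        return False  # stale or foreign challenge: replay
    expected = _mac(key, nonce, msg.matched)
    if not hmac.compare_digest(expected, msg.tag):
        return False  # forged or tampered verdict
    return msg.matched


def run_scenarios() -> dict:
    """Exercise both host policies against genuine, rogue, replayed and tampered messages."""
    key = os.urandom(32)  # constructed pairing key for this demo
    genuine, rogue = GenuineSensor(key), RogueSensor()
    results = {}

    # 1. Rogue sensor on an unauthenticated channel: accepted.
    n1 = os.urandom(16)
    results["rogue_unauthenticated"] = host_accepts_unauthenticated(rogue.scan(n1))

    # 2. Same rogue sensor against a host that checks the MAC: rejected.
    results["rogue_authenticated"] = host_accepts_authenticated(key, n1, rogue.scan(n1))

    # 3. Genuine sensor, enrolled finger, fresh challenge: accepted.
    n2 = os.urandom(16)
    good = genuine.scan(n2, True)
    results["genuine_match"] = host_accepts_authenticated(key, n2, good)

    # 4. Replay of that recorded message under a new challenge: rejected.
    n3 = os.urandom(16)
    results["replayed_match"] = host_accepts_authenticated(key, n3, good)

    # 5. Flipping the verdict inside a genuine "no match" message: rejected.
    bad = genuine.scan(n3, False)
    tampered = MatchMessage(bad.nonce, True, bad.tag)
    results["tampered_verdict"] = host_accepts_authenticated(key, n3, tampered)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:22} unlock={'yes' if ok else 'no'}")
```

Only scenario 3 unlocks under the authenticated policy; scenario 1 shows what "match on chip" alone buys you when the host does not verify who it is talking to. In a real deployment the pairing key would itself come from attestation of the sensor firmware, which is what the OEM recommendation to enable SDCP and audit the implementation is about.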
This revelation raises concerns about the resilience of biometric authentication systems.
As technology advances, security measures must evolve to keep pace with potential exploits, ensuring the integrity of user data and privacy.
North Korean Threat Actors: Espionage and Financial Gain
North Korean threat actors have surfaced in not one but two campaigns, posing as both job recruiters and job seekers.
Palo Alto Networks Unit 42 has bestowed the monikers “Contagious Interview” and “Wagemole” upon these shadowy endeavors.
Step 1:
The first campaign, Contagious Interview, is a scheme to infect software developers with malware under the guise of a fictitious job interview. The ultimate goal is cryptocurrency theft, with the compromised targets serving as a launchpad for subsequent attacks.
Step 2:
The second campaign, Wagemole, is designed for financial gain and espionage. Here, the threat actors adopt the role of fraudulent job seekers, using a GitHub repository as the stage for their masquerade.
Resumes with forged identities impersonating individuals from various nationalities serve as their props.
“Software developers are often the weakest link for supply chain attacks, and fraudulent job offers are an ongoing concern, so we expect continued activity from Contagious Interview,” warns Unit 42.
Game of Tag Yet To Play!
ClearFake reaching Macs and the Windows Hello findings are making us rethink whether these platforms are really as safe as assumed.
The revelations about fingerprint sensors, together with North Korea playing a tricky game of fake job offers to steal secrets or make money, are like pieces of a puzzle, reminding us to be careful in this big online world.