A massive, silent campaign specifically targeting Mac users has recently been discovered. These attacks occur organically, without the need for malicious emails, making them much harder to detect. Instead of using phishing techniques, hackers wait for the user to access a compromised site in an apparently normal way.
Upon entering these pages from a Mac computer, a fake CAPTCHA is displayed, which, when falsified, triggers a series of hidden steps. The site checks the device, executes a blockchain contract on the blockchain, and copies a malicious command to the user's clipboard. It then invites the user to paste this code into the macOS Terminal under false pretenses.
The downloaded code installs malware called Atomic Stealer designed to steal passwords, banking information, cryptocurrency wallets, and other system data. A researcher identified as Vesec has dubbed this attack MacReaper due to its ability to steal information without being easily detected. The eventual discovery by cybersecurity analyst Nicolás Azuara indicated that at least 29 websites, including Mexican domains, are compromised.
The attack utilizes advanced techniques such as obfuscated JavaScript, smart contracts, and execution in the Terminal to achieve its goals. This type of campaign represents a global threat, with thousands of compromised websites worldwide. Mac users should be cautious when visiting websites, verify URLs, avoid installing software from unverified sites, and use antivirus compatible with macOS.
This cyberattack campaign puts thousands of macOS users around the world at risk, demonstrating that no system is exempt from being compromised.
