
It’s that time again… a new malware campaign has been discovered. This time, Mac users are being targeted specifically, as the campaign impersonates a beloved Mac utility called CleanMyMac. Let’s review the campaign and how you can reduce your risk of falling for a similar scam.
Malwarebytes Labs found that the campaign delivers malware called SHub Stealer, known for stealing sensitive data and cryptocurrency. More worryingly, the malware also installs a backdoor that lets the threat actors come back later, so if you fall victim, removing the stealer alone is not enough: you need to remove the backdoor as well and seriously lock down the affected accounts (new passwords, revoked sessions), or it can easily happen again.
The delivery side is a near-identical copy of the CleanMyMac website that the scammers are using. How does the malware get onto your device? As with most of these campaigns, you download it yourself, ironically: the installer on the fake site is disguised as the CleanMyMac utility.
Unfortunately, the domain had not yet been flagged as suspicious at the time of writing. The evidence collected suggests that the threat actors paid to advertise the site, for example through Google AdWords, so that it shows up as a sponsored search result. We’ve written before about this tactic of building the facade of a trustworthy ‘Google-sponsored’ website; if you’re interested, click here.
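One concrete check you can run before opening any Mac app you downloaded, added here as an example and not part of the original post or of Malwarebytes’ research: a lookalike site can clone the vendor’s web page pixel for pixel, but it cannot sign a binary with the real vendor’s Apple Developer ID certificate. The script assumes you already know the genuine vendor’s 10-character Apple Team ID from a trusted source (a known-good install, or the vendor’s own documentation); the placeholder `ABCDE12345` is constructed, not a real Team ID, and the `codesign`/`spctl` calls only work on macOS.

```shell
#!/bin/sh
# Added example (not from the original post): confirm who signed a downloaded
# Mac app before launching it. The web page can be faked; the Developer ID
# signature cannot.
#
# Assumption (not stated on the page): EXPECTED_TEAM_ID is the genuine vendor's
# Apple Team ID, obtained out of band. "ABCDE12345" is a constructed placeholder.
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-ABCDE12345}"

# Extract the TeamIdentifier field from `codesign -dv --verbose=4` output read
# on stdin. Prints the ID, "not set" for ad-hoc signatures, or nothing at all
# when the binary is unsigned.
team_id_from_codesign_output() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Return 0 only when the parsed Team ID is present, is a real ID (not the
# ad-hoc "not set" marker) and equals the expected one.
team_id_matches() {
    actual="$1"
    expected="$2"
    [ -n "$actual" ] && [ "$actual" != "not set" ] && [ "$actual" = "$expected" ]
}

# Full check against a real app bundle (macOS only). codesign writes its
# details to stderr, hence the 2>&1 before parsing.
verify_app() {
    app="$1"
    tid="$(codesign -dv --verbose=4 "$app" 2>&1 | team_id_from_codesign_output)"
    if team_id_matches "$tid" "$EXPECTED_TEAM_ID"; then
        echo "OK: $app is signed by Team ID $tid"
    else
        echo "REFUSE: $app is signed by '${tid:-nobody}', expected $EXPECTED_TEAM_ID" >&2
        return 1
    fi
    # Second opinion from Gatekeeper: catches revoked Developer IDs and
    # missing notarization even when the Team ID line looks right.
    spctl --assess --type execute --verbose=2 "$app"
}

# Usage on a Mac:
#   EXPECTED_TEAM_ID=<vendor team id> sh check_signer.sh /Applications/CleanMyMac.app
if [ "$#" -gt 0 ]; then
    verify_app "$1"
fi
```

Run it against the app bundle inside the downloaded DMG rather than against the DMG itself; a mismatch, an empty result or `not set` means the file did not come from the vendor, whatever the website looked like.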
Simply put, our advice comes down to three things:

