好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住主要信息。 文章讲的是一个新的网络攻击活动,利用Atomic Stealer恶意软件攻击macOS用户。攻击者使用Script Editor,这是一个内置的应用程序,用来运行脚本。他们通过伪装成苹果主题的网站,诱骗用户点击链接,进而执行恶意代码。 攻击手法是基于ClickFix技术的变种,不需要用户手动在终端执行命令。恶意代码会下载并执行一个脚本,最终释放出Atomic Stealer。这种恶意软件会窃取各种敏感数据,包括密码、钱包信息等。 总结的时候要注意控制字数,并且直接描述内容,不需要开头语。重点包括:攻击方式、利用Script Editor、伪装网站、下载恶意软件、窃取数据等。 现在把这些要点浓缩成100字以内。确保涵盖攻击手段、工具、目标和影响。 </think> 网络攻击者利用macOS的Script Editor应用程序分发Atomic Stealer恶意软件。他们通过伪装成苹果主题的网站诱导用户点击链接,触发预设的恶意代码执行。该代码下载并运行恶意脚本,在内存中解码并执行最终payload——Atomic Stealer(AMOS),窃取用户的敏感数据如密码、钱包信息等。 2026-4-8 19:0:25 Author: www.bleepingcomputer.com(查看原文) 阅读量:6 收藏
A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal.
Script Editor is a built-in macOS application for writing and running scripts, primarily AppleScript and JXA, that can execute local scripts and shell commands. It is a trusted application pre-installed on macOS systems.
While this is not the first time it has been abused for malware delivery, the researchers note that, in the context of the ClickFix social engineering technique, it does not require the victim to manually interact with the Terminal and execute commands.
Apart from the Terminal-based variant being widely reported, macOS Tahoe 26.4 added protection against ClickFix attacks in the form of a warning when trying to execute commands.
In a new campaign distributing Atomic Stealer observed by security researchers at Jamf, the hackers target victims with fake Apple-themed sites that pose as guides to help reclaim disk space on their Mac computers.
These pages contain legitimate-looking system cleanup instructions but use the applescript:// URL scheme to launch Script Editor with a pre-filled executable code.
Source: Jamf
The malicious code runs an obfuscated ‘curl | zsh’ command, which downloads and executes a script directly in system memory.
This decodes a base64 + gzip payload, downloads a binary (/tmp/helper), removes security attributes via ‘xattr -c,’ makes it executable, and runs it.
The final payload is a Mach-O binary identified as Atomic Stealer (AMOS), a commodity malware-as-a-service that has been extensively deployed in ClickFix campaigns using various lures over the past year.
The malware targets a broad spectrum of sensitive data, including information stored in the Keychain, desktop, and browser cryptocurrency wallet extensions, browser autofill data, passwords, cookies, stored credit cards, and system information.
Last year, AMOS also added a backdoor component to give operators persistent access to compromised systems.
Mac users should treat Script Editor prompts as high-risk and avoid running them on their devices unless they fully understand what they do and trust the resource.
For macOS troubleshooting guides, it is recommended to rely only on official documentation from Apple.
Apple Support Communities, the forum where Apple customers can help each other with advice, although it may not be risk-free.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh