Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Microsoft Fixes Exploited WebDAV Zero Day

June 11, 2025
Reading Time: 3 mins read
in Alerts
Microsoft Fixes Exploited WebDAV Zero Day

A sophisticated new malware campaign has emerged, which specifically targets macOS users through the use of deceptive typo-squatted domain names. These particular fraudulent domains are designed to convincingly mimic Spectrum, which is a major United States telecommunications provider for many customers. This recent campaign represents a significant escalation in ongoing cross-platform social engineering attacks that target both consumer and corporate users alike. The malicious operation notably leverages the increasingly popular Clickfix method, presenting its victims with fake but convincing security verification pages to execute code.

When unsuspecting users encounter these deceptive interfaces on fraudulent domains, they are then prompted to complete what appears to be a routine process. However, clicking the provided “Alternative Verification” button instead triggers a malicious sequence that then copies harmful commands to the user’s clipboard. CloudSEK researchers first identified this dangerous campaign during their routine discovery of new attacker infrastructure, quickly uncovering its complex multi-platform nature. Their detailed investigation subsequently revealed that the malicious websites deliver different payloads depending on the victim’s specific operating system, with macOS users receiving particularly dangerous shell scripts. These scripts are designed to harvest credentials and download AMOS variants for further exploitation.

The attack effectively employs a brand new variant of the Atomic macOS Stealer, also known as AMOS, which is cleverly disguised as a CAPTCHA verification.

The malware’s infection process demonstrates remarkable sophistication in successfully exploiting the unique security architecture that is built into the modern macOS. When the targeted macOS users follow the fake verification instructions that are displayed on the deceptive page, they inadvertently execute a downloaded shell script. This script then initiates an insidious credential harvesting routine by continuously prompting users for their system password until it is correct. It uses macOS’s native dscl command to validate the authenticity of the password that has been entered by the unsuspecting computer user. Once successful, the malware downloads the main AMOS payload and employs the stolen password with sudo privileges to bypass Apple’s Gatekeeper protections.

This particular attack’s widespread impact extends far beyond just individual credential theft, potentially enabling significant corporate network infiltration and also subsequent lateral movement.

 By successfully harvesting macOS user passwords, these attackers can then easily gain unauthorized access to important corporate systems, secure VPNs, and other critical internal resources. The presence of Russian-language comments discovered by the security researchers in the source code suggests the possible involvement of some Russian-speaking cybercriminal actors. However, several technical flaws, including mismatched instructions across platforms, indicate the attackers likely used hastily assembled infrastructure despite their sophistication in their social engineering tactics. The campaign’s core sophistication lies in its ability to exploit user trust.

Reference:

  • June 2025 Security Updates
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJune 2025Microsoft
ADVERTISEMENT

Related Posts

Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025
Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025

Latest Alerts

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

Subscribe to our newsletter

    Latest Incidents

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial