Skip to main content
Fake Browser Update to Atomic macOS Stealer operation cover
COMING SOONBeginner

Fake Browser Update to Atomic macOS Stealer

A freelance designer's personal Mac is lured by a ClearFake 'your browser is out of date' prompt into downloading a fake Safari update. The bundled app is Atomic macOS Stealer: it phishes the login password, raids the keychain and browser stores, and uploads the loot to a single host over the same channel it uses to communicate. Reconstruct the chain from the macOS endpoint telemetry and the web filter.

25m
6 tasks
25 points
Free

Launches tomorrow

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

XDRSIEM

What you'll investigate

6 objectives unlock when this operation goes live.

1Establish how the machine was lured
2Identify the file that was downloaded
3Name what executed on the endpoint
4Pin down the credential theft
5Follow the stolen data out
6Classify the exfiltration

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever