
Fake Browser Update to Atomic macOS Stealer
A freelance designer's personal Mac is lured by a ClearFake 'your browser is out of date' prompt into downloading a fake Safari update. The bundled app is Atomic macOS Stealer: it phishes the login password, raids the keychain and browser stores, and uploads the loot to a single host over the same channel it uses to communicate. Reconstruct the chain from the macOS endpoint telemetry and the web filter.
Launches tomorrow
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever