What is old is new again, #atomicstealer being distributed via #clearfake campaign. Haven't seen that in a while!

Clearfake domain: cejecuu4[.]xyz
C2: 193.124.185[.]23

Payload staged in Dropbox

#macosmalware #infostealers #amos #fakebrowserupdates #fakechrome