LastPass Warns of Ongoing Malware Campaign Targeting Apple macOS Users
LastPass has issued a warning about a widespread information stealer campaign that is currently targeting Apple macOS users. The campaign involves fake GitHub repositories that distribute malware disguised as legitimate tools.
“In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware,” noted researchers from the LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team.
Popular tools like 1Password, Basecamp, Dropbox, and others have also been impersonated in this campaign. All GitHub repositories involved are specifically designed to target macOS systems.
The attackers are using Search Engine Optimization (SEO) poisoning to promote links to the malicious GitHub sites on search engines like Bing and Google. Users are then instructed to download the program by clicking a deceptive button, which redirects them to a GitHub page domain.
LastPass added that the GitHub pages appear to have been created under multiple usernames to evade takedowns.
The GitHub page prompts users to visit another domain, which provides instructions to execute a command in the Terminal app, leading to the deployment of the Atomic Stealer malware.
Similar campaigns in the past have leveraged malicious sponsored Google Ads for Homebrew to distribute malware through bogus GitHub repositories.
Threat actors have also been observed using public GitHub repositories to host malicious payloads and distribute them through various methods.





