U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Beware: GitHub repos distributing Atomic Infostealer on macOS

LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting […]

LastPass macOS GitHub Atomic infostealer malware

LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools.

LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer.

“The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting Mac users through fraudulent GitHub repositories designed to trick potential victims into installing what is presented as various companies’ software for MacOS.” reads the report published by LastPass. “In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. “

The malware campaign is still ongoing, threat actors use SEO to push malicious sites atop the results from Google and Bing, targeting tech firms, banks, and password managers. Security teams share IoCs to detect and mitigate the campaign.

LastPass identified two fraudulent GitHub repos that were promptly labeled for take down and are now inactive.

“Notably, the GitHub pages appear to be created by multiple GitHub usernames to get around takedowns.” continues the report. “The GitHub page headlines include “name of company” and Mac-related terminology (i.e. MacOS, Mac, Premium on Macbook) since that’s what they are targeting.”

The GitHub page tricks users into following ClickFix-style instructions in Terminal, which installs the Atomic Stealer malware.

The campaign also targets macOS users by impersonating popular tools such as 1Password, Dropbox, Notion, Shopify, and others.

The researchers also shared Indicators of Compromise (IoCs) for this campaign.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, macOS)