Cybercriminals are using search engine ads to impersonate popular online services and lure users into installing macOS credential stealers like Atomic Stealer. LastPass and other brands are targeted, with malicious ads leading to fake GitHub sites to distribute malware. #LastPass #AtomicStealer #CredentialTheft
Keypoints
- Cybercriminals use search engine ads to impersonate well-known services and distribute malware.
- LastPass detected a campaign where ads led to fake sites promoting malware for Mac users.
- The malicious sites disguise Atomic Stealer as legitimate software, tricking users into installing it.
- Other targeted brands include 1Password, Dropbox, Robinhood, and Shopify.
- Security companies are actively working to takedown these fraudulent sites and share signs of compromise.
Read More: https://arstechnica.com/security/2025/09/potent-atomic-credential-stealer-can-bypass-gatekeeper/