LastPass warns of a widespread campaign targeting macOS users through fake GitHub repositories hosting malware disguised as legitimate tools. The attack uses SEO poisoning and multiple compromised GitHub accounts to distribute the Atomic infostealer malware, impacting various popular apps. #AtomicStealer #GitHubThreats
Keypoints
- Cybercriminals are distributing malware via fake GitHub repositories targeting macOS users.
- The malicious campaign impersonates popular tools such as 1Password, Dropbox, and Robinhood.
- Attackers use SEO poisoning to manipulate search results and redirect victims to malicious sites.
- The compromised GitHub pages redirect users to domains instructing them to execute commands in Terminal.
- Previous campaigns have exploited Google Ads and other GitHub techniques for malware distribution.
Read More: https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html