News

Mac Users Warned of Malware Campaign Exploiting Fake GitHub Pages

Cybersecurity researchers are warning Apple Mac users about a sophisticated malware campaign that uses fraudulent GitHub repositories to trick people into downloading infostealers and other malicious software.

The attack, uncovered by LastPass Threat Intelligence researchers, shows how cybercriminals are exploiting trusted platforms like GitHub to distribute Atomic Stealer (AMOS), a powerful malware active since April 2023.

How the Scam Works

The latest campaign was first detected on September 16, when investigators found two fake GitHub pages claiming to offer downloads of LastPass for Mac. The pages, created under the username modhopmduck476, contained links directing users to an external site where they were instructed to paste commands into their Mac’s terminal.

That command, hidden inside a CURL request, pulled down a base64-encoded script that eventually installed the Atomic Stealer malware into the system’s temporary directory. Once active, AMOS can harvest sensitive information including browser-stored credentials, cryptocurrency wallets, and personal files.

While those specific pages have since been removed, analysts warn that the campaign is ongoing, with attackers frequently creating new accounts and using search engine optimization (SEO) to push fraudulent repositories higher in Google and Bing search results.

A Wider Target List

The threat is not limited to LastPass impersonations. Security researchers linked the same campaign to fake repositories mimicking brands such as 1Password, Robinhood, Citibank, Docker, Shopify, and Basecamp. By impersonating trusted companies, attackers increase the likelihood of tricking users searching for legitimate downloads.

GitHub can and does take down fraudulent repositories, but cybercriminals often return under new aliases, raising concerns over how effectively such platforms can keep users safe.

Expert Concerns

“The use of GitHub Pages demonstrates both the convenience and the risks of community platforms,” LastPass said in a statement. “While takedowns are possible, attackers are persistent, and users must remain vigilant.”

How to Stay Safe

Security experts recommend several steps to avoid falling victim:

  • Download software only from official, verified sources.

  • Never paste commands from unfamiliar websites into your Mac terminal.

  • Keep macOS and all apps updated to patch vulnerabilities.

  • Use antivirus software with ransomware protection and enable regular system backups.

  • Stay skeptical of unsolicited links, pop-ups, or emails.

  • Follow advisories from trusted vendors for security updates.

  • Enable strong, unique passwords and two-factor authentication on important accounts.

With cybercriminals increasingly using mainstream platforms to deliver malware, experts warn Mac users that old assumptions of safety are no longer valid.

Photo Credit: DepositPhotos.com

Leave a Reply

Your email address will not be published. Required fields are marked *