In an active, large-scale campaign, attackers are posing as legitimate brands on GitHub Pages to target macOS users with the data-skimming “Atomic” stealer.
According to recent findings from LastPass, which itself was targeted in the campaign, attackers are using SEO tricks to push malicious pages to the top of Bing and Google search results, leading users to believe they’re installing genuine software.
“This campaign appears to be targeting a range of companies, including tech companies, financial institutions, password managers, and more,” LastPass said in a blog post, adding a list of targeted companies. “In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware.”
