LastPass is warning users of a campaign that targets macOS users with malicious software that impersonates popular products and is delivered through fraudulent GitHub repositories.
The fake apps deliver the Atomic (AMOS) info-stealing malware in ClickFix attacks, and are promoted through search engine optimization (SEO) tactics on Google and Bing.
AMOS is a malware-as-a-service operation available for $1,000/month that typically targets data on infected machines.
Recently, the developers of the malware added a backdoor component, giving attackers persistent, stealthy access to compromised systems.
LastPass says that apart from its product, the campaign impersonates more than 100 software solutions, like 1Password, Dropbox, Confluence, Robinhood, Fidelity, Notion, Gemini, Audacity, Adobe After Effects, Thunderbird, and SentinelOne.
[Figure: Malicious Google Search result. Source: LastPass]
The attackers created a large number of deceptive GitHub repositories from multiple accounts to evade takedown, and optimized them to rank high in search results.
[Figure: GitHub repository claiming affiliation with LastPass. Source: LastPass]