In an energetic, large-scale marketing campaign, attackers are posing as reputable manufacturers on GitHub Pages to focus on macOS customers with the data-skimming “Atomic” stealer.
In response to current findings from LastPass, which itself was focused within the marketing campaign, attackers are utilizing search engine optimization tips to push malicious pages to the highest of Bing and Google search outcomes, luring customers into pondering they’re putting in real software program.
“This marketing campaign seems to be focusing on a variety of firms, together with tech firms, monetary establishments, password managers, and extra,” LastPass stated in a weblog publish, including an inventory of focused firms. “Within the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware.”
