Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware
In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. The threat actors are using Search Engine Optimization (SEO) to deliver links to their malicious sites at the top of search pages, including Bing and Google. This campaign appears to be targeting a range of companies, including tech companies, financial institutions, password managers, and more. Further information on the targeted companies can be found in the Indicators of Compromise (IoCs) at the end of the blog.
To read the complete article see:
📅 Event Reminder: Present at our next RISE event in Kuala Lumpur on December 9th and 10th, 2025: Event Submission
This post is licensed under CC BY 4.0 by the author.