Here's how potent Atomic credential stealer is finding its way onto Macs
Briefly

"Late last week, LastPass said it detected a widespread campaign that used search engine optimization to display ads for LastPass macOS apps at the top of search results returned by search engines, including Google and Bing. The ads led to one of two fraudulent GitHub sites targeting LastPass, both of which have been taken down. The pages provided links promising to install LastPass on MacBooks. In fact, they installed a macOS credential stealer known as Atomic Stealer, or alternatively, Amos Stealer."
"LastPass is hardly alone in seeing its well-known brand exploited in such ads. The compromise indicators LastPass provided listed other software or services being impersonated as 1Password, Basecamp, Dropbox, Gemini, Hootsuite, Notion, Obsidian, Robinhood, Salesloft, SentinelOne, Shopify, Thunderbird, and TweetDeck. Typically, the ads offer the software in prominent fonts. When clicked, the ads lead to GitHub pages that install versions of Atomic that are disguised as the official software being falsely advertised."
A widespread campaign used search engine optimization to place malicious ads for macOS apps at the top of Google and Bing results. The ads directed users to fraudulent GitHub pages that appeared to offer legitimate installers but instead deployed a macOS credential stealer known as Atomic Stealer or, alternatively, Amos Stealer. Multiple well-known brands were impersonated, including password managers, productivity tools, and security vendors. Several malicious GitHub pages have been taken down, and compromise indicators were shared to help detection and takedown efforts while mitigation and customer protections continued.
Read at Ars Technica