Hacker Targets Mac U…
A hacker is trying to infect Mac users with malware by exploiting internet searches for password managers and other apps, including LastPass.
LastPass is warning users about the threat, which involves deceptive download links appearing on search engines like Google and Microsoft’s Bing. The links forward users to pages on GitHub, a popular platform for hosting software projects, including free, open-source programs. LastPass itself has an official page on GitHub.
(Credit: LastPass)
It looks like a hacker tried to exploit this by creating two fake GitHub pages for the Mac version of LastPass. But in reality, it was a scheme designed to trick users into installing the Atomic malware, which can steal passwords and cryptocurrency details from a user’s browser.
(Credit: LastPass)
According to LastPass, the malicious GitHub pages appear if you search Google for “lastpass github macos.” The GitHub pages then try to redirect users to another domain at “macprograms-pro[.]com/mac-git-2-download.html” to fool users into installing the actual malware.
The hacker uses search engine optimization techniques to elevate the GitHub pages on Google and Bing search results. It’s unclear what those techniques are, but creating a network of fake web pages that link to the malicious GitHub pages and using specific keywords can elevate a domain to a search result.
The hacker behind the attack also tried to exploit searches for a wide number of Mac-related apps. “This campaign appears to be targeting a range of companies, including tech companies, financial institutions, password managers, and more,” LastPass added.
Recommended by Our Editors
The other products targeted include stock trading app Robinhood, 1Password, free audio editor Audacity, and video editor Davinci Resolve for Macs.
The good news is that the malicious GitHub pages appear to have been taken down. Still, if you search for “lastpass github macos,” you can still find one of the malicious GitHub pages near the top of the results. The incident is a reminder that it’s best to download apps from official domains and app stores.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Read Full Bio
