LastPass Issues Warning: Beware of Fake GitHub Repositories Spreading Data-Stealing Malware


354/68 Monday, September 22, 2025

LastPass has issued a warning to its users about a malicious campaign in which cybercriminals are creating fake repositories on GitHub to distribute malware disguised as popular software. The attacks specifically target macOS users, tricking them into installing a malware strain called Atomic Infostealer, which is designed to steal sensitive data from victims’ devices.

Security researchers from LastPass’s Threat Intelligence, Mitigation, and Escalation (TIME) team revealed that attackers are using SEO poisoning to push fake GitHub sites to the top of Bing and Google search results. Unsuspecting users are lured into clicking a button labeled “Install LastPass on MacBook,” which redirects them to a GitHub page; these pages are created under multiple user accounts to avoid takedowns. From there, victims are redirected to another domain that instructs them to copy and paste code into their Terminal, which installs the Atomic Stealer malware directly.

It’s not just LastPass being impersonated. Other popular applications, including 1Password, Dropbox, Notion, Shopify, Thunderbird, and TweetDeck, have also been spoofed in similar campaigns. This threat is not entirely new, as hackers have previously leveraged fake Google Ads to spread malware via seemingly legitimate GitHub repositories. Users are strongly advised to always verify the authenticity of software sources before installing – especially when downloading from external websites – to avoid falling victim to information-stealing malware that could lead to financial loss and data compromise.

Source: https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html