Entertainment

Macs under attack from malware impersonating popular password managers — how to stay safe

AnyFans 2025-09-24

By Amber Bouman

Tom’s Guide

Newsletters

View Profile

Search Tom’s Guide

You May Like

200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe

Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

Phone Insights

Phone Best Picks

Phone Deals

Phone Face-Offs

Phone How-Tos

Phone Reviews

Network Carriers

Android Phones

Google Phones

Motorola Phones

OnePlus Phones

Samsung Phones

Nothing Phone

TV Best Picks

TV Face-Offs

Audio Insights

Audio Best Picks

Audio Deals

Audio Face-Offs

Audio How-Tos

Audio Reviews

Over-Ear Headphones

Bluetooth Speakers

Smart Speakers

TV & Audio Brands

Entertainment

Streaming Devices

Prime Video

Paramount Plus

PlayStation

Handheld Gaming

Gaming Peripherals

Connections

Computing Insights

Computing Best Picks

Computing Deals

Computing Face-Offs

Computing How-Tos

Computing News

Computing Reviews

VPN Best Picks

VPN Face-Offs

VPN How-Tos

VPN Reviews

Operating Systems

Identity Theft Protection

Parental Controls

Malware & Adware

Virtual Reality

Augmented Reality

Smart Glasses

Chromebooks

Gaming Laptops

Apple Desktops

Gaming Desktops

Android Tablets

Computing Brands

AI Insights

AI Best Picks

AI Face-Offs

Google Gemini

Apple Intelligence

Mattress Best Picks

Mattress Deals

Mattress Face-Offs

Mattress How-Tos

Mattress News

Mattress Reviews

Mattress Care

Mattress Toppers

Pillows & Bedding

Smartwatches

Fitness Trackers

Smart Rings

Apple Watch

Home Insights

Home Best Picks

Home Face-Offs

Home How-Tos

Home Reviews

Home Topics

Home Appliances

Home Office

Home Security

Home Brands

Popular Brands

View Phones

Phone Insights

Phone Best Picks

Phone Deals

Phone Face-Offs

Phone How-Tos

Phone Reviews

Network Carriers

View Network Carriers

Android Phones

View Android Phones

Google Phones

Motorola Phones

OnePlus Phones

Samsung Phones

Nothing Phone

TV Best Picks

TV Face-Offs

Audio Insights

View Audio Insights

Audio Best Picks

Audio Deals

Audio Face-Offs

Audio How-Tos

Audio Reviews

Headphones

View Headphones

Over-Ear Headphones

View Speakers

Bluetooth Speakers

Smart Speakers

TV & Audio Brands

Entertainment

View Entertainment

View Streaming

Streaming Devices

Prime Video

Paramount Plus

View Gaming

PlayStation

Handheld Gaming

Gaming Peripherals

Word Games

Connections

View Computing

Computing Insights

Computing Best Picks

Computing Deals

Computing Face-Offs

Computing How-Tos

Computing News

Computing Reviews

VPN Best Picks

VPN Face-Offs

VPN How-Tos

VPN Reviews

View Hardware

View Software

Operating Systems

View Security

Identity Theft Protection

Parental Controls

Malware & Adware

View VR & AR

Virtual Reality

Augmented Reality

Smart Glasses

View Laptops

Chromebooks

Gaming Laptops

View Desktops

Apple Desktops

Gaming Desktops

View Tablets

Android Tablets

Computing Brands

AI Insights

AI Best Picks

AI Face-Offs

AI Engines

Google Gemini

Apple Intelligence

View Wellness

Mattresses

View Mattresses

Mattress Best Picks

Mattress Deals

Mattress Face-Offs

Mattress How-Tos

Mattress News

Mattress Reviews

Mattress Care

Mattress Toppers

Pillows & Bedding

View Fitness

Smartwatches

Fitness Trackers

Smart Rings

Apple Watch

Home Insights

Home Best Picks

Home Face-Offs

Home How-Tos

Home Reviews

Home Topics

Home Appliances

Home Office

Home Security

View Outdoors

Home Brands

Popular Brands

iPhone Air Review
iPhone 17 Pro Max Review
iPhone 17 Review
Meta Ray-Ban Display
Best laptops

Best Mattress

Don’t miss these

Malware & Adware
200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe

Malware & Adware
Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Malware & Adware
Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

Online Security
Major flaw in top password managers lets hackers steal your login details, 2FA codes, credit card info and more

Malware & Adware
This Mac malware just got a major upgrade which makes it even harder to delete — how to stay safe

Online Security
Beware: Hackers are using fake credit card emails to steal all your passwords

Malware & Adware
Hackers are using Google search results to spread fake apps filled with malware — don’t fall for this

Malware & Adware
Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this

Malware & Adware
More than 250 malicious apps are spreading info-stealing malware on Android and iOS — delete these right now

Online Security
Email security features are being hijacked to steal Microsoft 365 logins — what you need to know

Online Security
Has your computer been hacked? 11 ways to tell and what to do now

Online Security
I found a phishing email in my inbox and a malicious app in my news feed — here’s how I knew they were scams

Online Security
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe

Online Security
Hackers are using fake TikTok Shops to steal money and spread malware — don’t fall for this

Online Security
Popular TikTok video editor used in phishing scam – here’s how to stay safe

Online Security

Malware & Adware

Macs under attack from malware impersonating popular password managers — how to stay safe

Amber Bouman

23 September 2025

ClickFix style attack is being spread through fake downloads.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Tom’s Guide)

Over 100 password managers and software solutions are being impersonated by a new malware campaign targeting macOS users to steal their personal information. As reported by Bleeping Computer, the popular password manager LastPass has already started warning users about this malicious software that is being spread through fake GitHub repositories.

Besides impersonating LastPass, this campaign is also pretending to be other password managers and software solutions including 1Password, Dropbox, Gemini, Audacity, Adobe After Effects, and SentinelOne, among more than 100 others. It’s using these fake repositories to spread the Atomic macOS Stealer, also known as AMOS, which is an info-stealing malware often used in ClickFix style attacks. AMOS is a malware-as-a-service offering that can be bought by hackers and other cybercriminals for roughly $1,000/month on the dark web and typically targets the data stored on vulnerable computers.
The developers of this malware also recently added a backdoor component which gives them persistent and stealthy access to compromised systems. A large number of these deceptive GitHub repositories have been created from multiple accounts in order to optimize them to rank high in search results and to evade detection. LastPass has reported the fake repositories to GitHub but since it’s easy to recreate new ones through automation from new accounts, even if they’re taken down, new fraudulent ones could pop up just as quickly.

You may like

200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe

Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

As ClickFix style attacks, the repositories feature a ‘download;’ button that directs users to a secondary website where they are instructed to paste a command into the terminal to perform an installation of what seems to be legitimate software but is in actuality malware. The “ClickFix’ method takes advantage of a target not fully understanding what the commands are doing on their system; in this case the command is performing a curl request to a base64-encoded URL which then downloads an AMOS payload to the /tmp directory.

How to stay safe from ClickFix malware attacks

(Image credit: Getty Images)
In order to stay safe from ClickFix style attacks, the most important thing you need to know is not to run commands on your system, especially when you don’t understand them. Additionally, when looking for software online, its recommended to only trust official app stores like the Mac App Store or vendor websites while avoiding offshoots. If there isn’t a macOS version of a particular piece of software available on a company’s official site, be extra wary when you find a third-party site or in this case, a GitHub page, suggesting there is one.
If you do come across a macOS port of a program you’re interested in, you should ensure that it comes from a reputable source that has been vetted by the community first. Still, you are installing it at your own risk, so when in doubt, it’s best to wait for an official port.
It also never hurts to have strong protections when online – one of the best antivirus software solutions can keep your Windows PCs protected while the best Mac antivirus software is specifically designed for your Apple computer. These paid solutions also provide you with plenty of extra useful features like web browsers that warn you about suspicious websites and downloads, ransomware rollback, a VPN, and more.

For those who are really worried about getting hacked or having their bank accounts drained by cybercriminals, you can’t go wrong with the best identity theft protection services for even more protection. However, you’ll need to sign up before a cyberattack or major security incident to take full advantage of the identity theft insurance and other protections these services offer.

ClickFix style attacks have been quite successful recently and until the general public learns to recognize and avoid them, hackers are going to keep using them in their malware campaigns. That’s why it’s up to you to practice good cyber hygiene and most importantly, to always be careful where you click and what you download.

Sign up to get the BEST of Tom’s Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Follow Tom’s Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
More from Tom’s Guide

FBI warns hackers are impersonating crime reporting sites to steal your personal data — here’s how to tell
Google will let you use passkeys automatically in Chrome – here’s how you can switch
Hackers are now using deepfakes in phishing scams to fool banking apps and steal your money – how to stay safe

Today’s Intego deals

Mac Internet Security

Mac Premium Bundle

We check over 250 million products every day for the best prices

See more Computing News

Amber Bouman

Social Links Navigation
Senior Editor Security

Amber Bouman is the senior security editor at Tom’s Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe

Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

Major flaw in top password managers lets hackers steal your login details, 2FA codes, credit card info and more

This Mac malware just got a major upgrade which makes it even harder to delete — how to stay safe

Beware: Hackers are using fake credit card emails to steal all your passwords

Latest in Malware & Adware

Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe

Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

Hackers are using Google search results to spread fake apps filled with malware — don’t fall for this

This new Android banking trojan can automatically transfer money off your phone to hackers

Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Google wants to fight Android malware by making sideloading more difficult — here’s how

Latest in News

iPhone 17 ‘scratchgate’ — I’ve had my iPhone 17 Pro for over a week and it’s already scuffed

iPhone 17 is here — test your iPhone knowledge with Tom’s Guide Tech Crossword Puzzle

Macs under attack from malware impersonating popular password managers — how to stay safe

7.5 million Arizonans will face new age-verification checks for adult content – and non-compliant websites could be hit with fines of $250,000 for every violation

Apple just made it impossible to downgrade from iOS 26 — what you need to know

Prime Video top 10 movies — here’s the 3 I’m adding to my watchlist this week