LastPass, a leader in password and identity management trusted by over 100,000 businesses worldwide, today announced the discovery of a widespread cyberattack targeting Mac users through fraudulent GitHub repositories impersonating trusted companies, including LastPass. The campaign, uncovered by the LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team, aims to distribute the Atomic Stealer (AMOS) malware via deceptive download links and Search Engine Optimization (SEO) manipulation.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250922622759/en/

LastPass has published Indicators of Compromise (IoCs) to assist other security teams in identifying and mitigating threats related to this campaign.

The attackers created GitHub pages falsely claiming to offer legitimate MacOS software from companies such as LastPass. These pages were designed to appear in top search engine results, including Google and Bing, through aggressive SEO tactics. Once clicked, users were redirected to malicious sites instructing them to execute terminal commands that ultimately installed infostealer malware.

“Protecting our users is our highest priority,” said Alex Cox, Director of Threat Intelligence, Mitigation, and Escalation (TIME) team at LastPass. “We acted swiftly to identify and report the fraudulent GitHub pages impersonating LastPass, which have since been taken down. We continue to monitor this campaign and collaborate with industry partners to disrupt its infrastructure.”

The malware being distributed, known as Atomic Stealer, has been active since at least April 2023 and is associated with financially motivated cybercrime groups. It is capable of harvesting sensitive information from infected systems, posing a significant risk to individuals and organizations alike.

LastPass urges all users to remain vigilant and avoid downloading software from unofficial sources. The company has published Indicators of Compromise (IoCs) to assist other security teams in identifying and mitigating threats related to this campaign.

For more information and ongoing updates, please visit the LastPass Labs Blog.

About LastPass

LastPass is a leading identity and password manager, making it easier to log in to life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. Learn more at www.lastpass.com and follow us on LinkedIn, X, Instagram, and Facebook.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250922622759/en/

“We acted swiftly to identify and report the fraudulent GitHub pages impersonating LastPass, which have since been taken down. We continue to monitor this campaign and collaborate with industry partners to disrupt its infrastructure.”