Ads prominently displayed on search engines are impersonating a wide range of online services in a bid to infect Macs with a potent credential stealer, security companies have warned. The latest reported target is users of the LastPass password manager.
Late last week, LastPass said it detected a widespread campaign that used search engine optimization to display ads for LastPass macOS apps at the top of search results returned by search engines, including Google and Bing. The ads led to one of two fraudulent GitHub sites targeting LastPass, both of which have been taken down. The pages provided links promising to install LastPass on MacBooks. In fact, they installed a macOS credential stealer known as Atomic Stealer, or alternatively, Amos Stealer.
Dozens targeted
“We are writing this blog post to raise awareness of the campaign and protect our customers while we continue to actively pursue takedown and disruption efforts, and to also share indicators of compromise (IoCs) to help other security teams detect cyber threats,” LastPass said in the post.
