Beware of This Malware Disguised As Real Apps
Attackers use malware disguised as trusted software (such as 1Password, Bartender 5, and Pixelmator Pro) to infect Windows and macOS computers. The malware is distributed through exploits hosted on GitHub and FileZilla to effectively infect target computers.
The malware gives the group behind the operation, based in the Commonwealth of Independent States ( CIS ), access to elevated privileges on infected computers. This allows them to disable security features and infect your computer with even more malware. While some of these malware are focused on collecting personal information, many of them can also target crypto wallets and banking software.
It also appears that attackers can host files on more than just GitHub and FileZilla, with fake app websites also sending redirects to payloads hosted on both Dropbox and Bitbucket. Cybersecurity firm Insikt Group says the malware appears to be linked to a campaign that has been running since at least August 2023 and was designed to spread malware including Lumma, RedLine, Vidar, Rhadamanthys, DarkComet RAT and DanaBot.
This development is just part of the ongoing news about these types of malware, including Activator, which is still a “very active threat,” according to The Hacker News . It can be used to disable the notification center in macOS, as well as run several rounds of Python scripts that are intended to be malicious and persistent.
Until now, this type of malware has mainly been spread through SEO poisoning campaigns and malvertising (malware advertising). Due to the spread of this malware throughout the Internet, it is highly recommended to avoid clicking on advertisements and sponsored web search results, as well as websites with third-party advertisements, as ad infection campaigns have been a popular method of spreading online. the past too.