"Threat Actors Abuse GitHub to Distribute Multiple Information Stealers"
A malicious campaign has used a legitimate GitHub profile to spread information-stealing malware. Russian-speaking threat actors have impersonated 1Password, Bartender 5, and other legitimate applications to distribute Atomic macOS Stealer (AMOS), Vidar, Lumma, and Octo malware. The malware operations shared Command-and-Control (C2) infrastructure, suggesting the use of a centralized setup in cross-platform attacks to increase efficiency.