GitHub-hosted copycat Mac app malware scam proliferates
First reported a few weeks ago on Reddit and on Michael Tsai’s blog, this scam unfortunately continues unabated. My own app StopTheMadness Pro has been impersonated on GitHub at least twice.
The search phrase "for macOS" on GitHub reveals countless such fakes, pretending to be well-known Mac apps such as 1Blocker, Airfoil, BBEdit, Figma, Little Snitch, Malwarebytes, OmniOutliner, SoundSource, and VLC Media Player. And there’s always a blatant “SEO Keywords” section on the page in order to game search engine results, already exploiting GitHub’s own prominent ranking. Note that they claim to be a “Verified Publisher.” Either way, through several more layers of indirection, the victim will eventually run a mysterious Mach-O executable, which I haven’t analyzed but which no doubt is up to no good.