On GitHub: Numerous fakes of well-known Mac apps are circulating
In what appears to be a concerted effort, scammers are trying to distribute fake apps for Mac users. It is unclear what the purpose of this is.
"Instructions" for installing fake apps: professionally designed.
(Image: Screenshot via Jeff Johnson)
Be careful when googling for macOS apps: developers, especially those behind well-known indie Mac applications, are warning that clones of their products, apparently contaminated with adware or malware, are circulating on GitHub. Independent developer Jeff Johnson, known among other things for StopTheMadness Pro for Apple's Safari browser, has noticed fake versions of his app, but also of 1Blocker, Airfoil, BBEdit, VLC, SoundSource, Little Snitch, OmniOutliner, and even the Figma app. Particularly brazen: protection programs from Malwarebytes were also cloned. Several of the fake applications could be found simply by searching for “macOS” on GitHub. However, some of them also ranked well on Google because the scammers had placed suitable SEO keywords. GitHub, a Microsoft subsidiary, has been informed but is not keeping up with the deletions or is not responding at all.
Video instructions, including a request to enter a password
The fake applications each have their own GitHub repository, set up by recently created accounts. They list fake email addresses containing the respective app name as the support or imprint contact. The repositories also contain download links for the fake apps, which redirect to strange URLs claiming to be “verified publishers.” To get users to install the scam programs, there is an instructional video.
Users are told either to enter a terminal command (equipped with a copy button), including the admin password, or to download the respective fake app as a DMG file and then install it via the terminal, likewise by entering an admin password. In this way, the programs can embed themselves deep in the system, cause serious damage, and access data.
It is still unclear what the code does on the Mac
It is still unclear what exactly the scammers do with their apps. Johnson has not yet been able to analyze the code. An inquiry to macOS malware expert Patrick Wardle as to whether he had already dealt with the issue initially went unanswered; he has also not yet commented on the issue on X.
Users should always be careful about where they get apps from outside the Mac App Store. All the apps affected by the scam so far have their own “real” website, and only VLC is actually open source. At the latest when you are asked to act in the terminal and enter your password there, you should become suspicious. It is unclear how many victims the scam has claimed so far.
(bsc)