Malvertising Campaign Spoofs GitHub to Deliver macOS Trojans
A malvertising campaign has been identified that uses a spoofed GitHub page to distribute macOS Trojans. The campaign disguises itself as a legitimate project called 'Jarvis AI Assistant' to lure users into downloading a trojanized installer. By employing zero-width space characters, the attackers evade detection and deliver malware through a convincing facade.
- The campaign exploits the popularity of AI utilities by spoofing GitHub to distribute a trojanized version of an open-source repository.
- Attackers used zero-width space characters in ad text to evade detection and create a convincing landing page.
- Users who download the malicious DMG file unknowingly grant the trojan access to their microphone, keyboard, and screen.
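A defensive check for the zero-width-space evasion summarized above, as an added example that is not code from the article or from Confiant: it strips invisible Unicode format characters from ad text and reports watchlist terms that only match after stripping. The sample ad strings, the watchlist and the function names are constructed for illustration.

```python
import unicodedata


def strip_invisible(text):
    """Remove Unicode format characters (category Cf, which includes U+200B).

    Returns (cleaned_text, findings) where findings are (offset, name) pairs.
    """
    cleaned, findings = [], []
    for offset, ch in enumerate(text):
        if unicodedata.category(ch) == "Cf":
            findings.append((offset, unicodedata.name(ch, "UNNAMED FORMAT CHAR")))
        else:
            cleaned.append(ch)
    return "".join(cleaned), findings


def scan_ad_text(text, watchlist):
    """Flag watchlist terms that are present only once invisible chars are removed."""
    cleaned, findings = strip_invisible(text)
    raw, clean = text.casefold(), cleaned.casefold()
    hidden = [term for term in watchlist
              if term.casefold() in clean and term.casefold() not in raw]
    return {
        "cleaned": cleaned,
        "invisible_chars": findings,
        # A non-empty list means a term was split to defeat plain string matching.
        "hidden_terms": hidden,
    }


# Constructed samples (not taken from the campaign's actual ad creative).
SAMPLE_EVASIVE = "Get Jar\u200bvis AI Assistant on Git\u200bHub"
SAMPLE_PLAIN = "Get Jarvis AI Assistant on GitHub"
WATCHLIST = ["GitHub", "Jarvis AI Assistant"]  # assumed brand/keyword list

if __name__ == "__main__":
    for sample in (SAMPLE_EVASIVE, SAMPLE_PLAIN):
        report = scan_ad_text(sample, WATCHLIST)
        print(repr(sample), "->", report["hidden_terms"], report["invisible_chars"])
```

Use the cleaned string for matching only: category Cf also covers joiners that some scripts and emoji sequences need for correct rendering, so the presence of an invisible character is a signal to review, not proof of abuse.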
Opening excerpt (first ~120 words):
Evasive technique combines zero-width space (ZWSP) with GitHub spoofing to deliver malware through malvertising
Roshan, Eliya Stein, and Confiant
Jun 02, 2026
"This campaign exploits the current popularity of AI utilities by using GitHub-spoofed infrastructure to distribute a trojanized version of an open-source repository with over 500 stars." - Confiant
We recently detected a malvertising campaign distributing malware: a trojanized macOS Electron installer. The ad campaign was disguised to look like a legitimate personal open-source project called “Jarvis AI Assistant,” a speech-to-text project with 500 stars on GitHub.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Hacker News (Newest).