Be careful when you google for macOS apps: developers of well-known indie applications for the Mac in particular are warning that clones of their products are circulating on GitHub and are apparently contaminated with adware or malware. The independent developer Jeff Johnson, known among other things for StopTheMadness Pro for Apple's Safari browser, noticed fake variants of his own app, but also of 1Blocker, Airfoil, BBEdit, VLC, SoundSource, Little Snitch, OmniOutliner and even the Figma app. Especially brazen: protection programs from Malwarebytes were also cloned. Several of the fake applications could be found simply by searching for "macOS" on GitHub. However, they also ranked well on Google because the scammers had placed suitable SEO keywords. GitHub, a Microsoft subsidiary, has been informed, but is not keeping up with the deletions or does not react at all.
Video instructions with a request to enter the password
The fake applications each have their own GitHub repository, set up by recently created accounts. The support or imprint addresses given are fake e-mail addresses that contain the respective app name. The repositories also contain download links for the fake apps. These redirect to strange URLs on which it is claimed that the source is a "verified publisher". To motivate users to install the scam programs, there is an instruction video.
Users are told either to enter a terminal command (provided with a copy button) together with the admin password, or to download the respective fake app as a DMG file and then install it via the terminal, likewise by entering an admin password. In this way, the programs can anchor themselves deeply in the system, cause serious damage and siphon off data.
Still unclear what the code does on the Mac
It is currently still unclear what exactly the scammers are doing with their apps. So far, Johnson has not been able to analyze the code. An inquiry to the macOS malware expert Patrick Wardle as to whether he has already looked into the matter initially went unanswered; so far he has not commented on it.
As a general rule, users should be careful about where they get their apps outside the Mac App Store. All of the apps named so far have a real website of their own, and only VLC is actually open source. At the latest when you are asked to act in the terminal and enter your password there, you should become suspicious. How many victims the scam has claimed so far is unclear.