A novel cyber campaign by Russian speaking actors abused legitimate internet services, such as GitHub and FileZilla, to deploy multiple malware variants, Recorded Future has reported. This includes the deployment of Atomic macOS Stealer (AMOS), the current version of which is capable of infecting both Intel-based and ARM-based Macs. This campaign is unique, partly because of the number of different malware families being deployed, and also the threat actor’s reliance on legitimate internet services and shared C2 infrastructure.

