Malvertising campaign distributes malware disguised as GitHub Desktop installers, targeting IT workers in the European Union

helpnetsecurity.com

A malvertising campaign is distributing malware disguised as GitHub Desktop installers, targeting IT workers in the European Union. The attackers use malicious Google Ads to direct users to a fake GitHub repository page, which then prompts downloads from a lookalike domain. That domain delivers malware such as Atomic Stealer for macOS and, for Windows, a complex MSI file designed to evade detection. The campaign, dubbed GPUGate, employs anti-analysis techniques, including GPU checks, and aims to steal credentials, deploy ransomware, or facilitate supply chain attacks. It remains active, with attackers using multiple redundant command-and-control servers.

