For the last few years, Mac users are facing a wave of fake apps on Microsoft-owned GitHub that disguise themselves as popular software, only to trick victims into handing over their passwords.
GitHub Mac malware is on the rise
GitHub Mac malware is on the rise
The scam first surfaced in early September 2025 on the r/macapps forum, when a user spotted suspicious repositories mimicking well-known Mac utilities. Developer Michael Tsai later described how his EagleFiler app was cloned on GitHub, complete with stolen icons and marketing text.
The “download” wasn’t an app at all but a Base64 command that installed a shell script harvesting the user’s password.