Mac malware distributed through Google ads steals user passwords



Advertisements that look like normal online ads but lead users to fraudulent websites that spread malware are called 'malvertising.' On June 24, 2024, security company Malwarebytes discovered that malware disguised as the macOS version of the web browser 'Arc' was being promoted in Google ads, and warned users to be careful.

'Poseidon' Mac stealer distributed via Google ads | Malwarebytes
https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads



Mac users served info-stealer malware through Google ads | Ars Technica

https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/

According to Malwarebytes, the fake Arc ads that appear in Google searches are served by an entity called 'Coles & Co.'



Clicking on this ad takes you to a site that looks like the download page for Arc for macOS.



When you download the DMG file, you are prompted to 'right-click the icon to open the menu, and then click "Open."' According to Ars Technica, this procedure is a way to bypass the macOS security mechanism that blocks the installation of apps unless the software is digitally signed by a developer vetted by Apple.
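The following added example (not from Malwarebytes or Ars Technica) shows how to ask Gatekeeper for its own verdict on an app before using the right-click 'Open' override described above. It runs `spctl --assess` and classifies the result. The function names, the placeholder path, and the `source=` strings it matches are assumptions about `spctl` output on current macOS.

```shell
#!/bin/sh
# Classify the text printed by `spctl --assess -vv <app>` (macOS Gatekeeper).
# Prints one of: notarized, accepted, unnotarized, unsigned, rejected, unknown.
gatekeeper_verdict() {
    out=$1
    # The "source=" line names the rule that produced the verdict.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$out" in
        *": accepted"*)
            case "$src" in
                "Notarized Developer ID") echo notarized ;;
                *) echo accepted ;;
            esac ;;
        *": rejected"*)
            case "$src" in
                "Unnotarized Developer ID") echo unnotarized ;;
                "no usable signature") echo unsigned ;;
                *) echo rejected ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Assess an app bundle (for example one inside a mounted DMG) and report
# whether Gatekeeper would allow it without a manual override.
check_app() {
    app=$1
    # spctl writes its assessment to stderr and exits non-zero on rejection.
    out=$(spctl --assess --type execute -vv "$app" 2>&1) || true
    verdict=$(gatekeeper_verdict "$out")
    case "$verdict" in
        notarized|accepted)
            echo "$app: Gatekeeper accepts it ($verdict)"; return 0 ;;
        *)
            echo "$app: Gatekeeper does NOT accept it ($verdict)"
            echo "An installer that asks for right-click > Open is asking you to override this verdict."
            return 1 ;;
    esac
}

# Usage: sh check_app.sh "/Volumes/Example/Example.app"  (placeholder path)
if [ "$#" -gt 0 ]; then
    check_app "$1"
fi
```

A legitimate browser download from its vendor should come back as `notarized`. An `unsigned` or `unnotarized` result combined with instructions to right-click and choose 'Open' matches the pattern reported here.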



Following the on-screen instructions does not install Arc. Instead, it installs the Poseidon malware, a full-service macOS stealer with features such as a file grabber, a cryptocurrency wallet extractor, and the ability to steal data from password managers such as Bitwarden and KeePass.



Malwarebytes warned, 'These threats are real, and malicious actors are constantly looking for new victims. To protect yourself from these threats, you need to be vigilant when downloading and installing new apps.'

Regarding this ad, Ars Technica stated, 'Google Ads regularly distributes malicious content and its removal is subject to third-party reports. We have been informed that Google recognized this ad as malicious, immediately removed it, and suspended the advertiser.'

in Software,   Security, Posted by log1r_ut