Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely used ad platform has been abused to infect web surfers.
Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.
People who want to install software advertised online should seek out the official download site rather than relying on the site linked in the ad. They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier. The Malwarebytes post provides indicators of compromise people can use to determine if they’ve been targeted.
This is the best summary I could come up with:
Digging further into the ad shows that it was purchased by an entity called Coles & Co, an advertiser identity Google claims to have verified.
The reason for this is to bypass a macOS security mechanism that prevents apps from being installed unless they’re digitally signed by a developer Apple has vetted.
The address happens to host the control panel for Poseidon, the name of a stealer actively sold in criminal markets.
The discovery comes a month after Malwarebytes identified a separate batch of Google ads pushing a fake version of Arc for Windows.
Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company.
They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier.
The original article contains 534 words, the summary contains 138 words. Saved 74%. I’m a bot and I’m open source!