Mac malware that steals users' passwords is distributed through Google ads – Livedoor News

Mac malware that steals user passwords is distributed through Google ads

Advertisements that appear as regular online ads and direct users to malicious websites used to spread malware are called “malvertising.” On June 24, 2024, security firm Malwarebytes discovered that malware disguised as the macOS version of the Arc web browser was being advertised in Google ads, urging caution.

'Poseidon' Mac hijacker spreads via Google Ads | Malwarebytes

‘Poseidon’ Mac stealer distributed via Google ads

Mac users introduced information-stealing malware through Google Ads| Ars Technica

https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/

According to Malwarebytes, the fake Arc ads appearing in Google searches are distributed by an entity called Coles & Co.

Clicking this ad opens a site that looks like a download page for the macOS version of Arc.

When downloading a DMG file, you will be prompted to “Right-click the icon to open the menu and then click Open”. According to foreign media Ars Technica, the move is a way to bypass the macOS security mechanism that prevents apps from being installed unless the software is digitally signed by a developer vetted by Apple.

If you follow the on-screen instructions, Arc will not be installed, but the “Poseidon” malware will be installed instead. Poseidon is a full-service theft tool for Mac with features like “steal data from file grabbers, cryptocurrency wallet extractors, and password managers like Bitwarden and KeePass.”

“These threats are real, and malicious attackers are always looking for new victims. To protect yourself from these threats, make sure to be careful when downloading and installing new applications. We need to be careful,” says Malwarebytes.

Regarding this ad, Ars Technica said: “Google ads regularly distribute harmful content, and leave the removal process up to third parties to report. Google considers this ad to be malicious. “We received a report confirming this, and we immediately removed it. Stop the advertiser.”