Security firm Malwarebytes recently discovered that malicious ads circulating through Google Ads are promoting Mac malware designed to steal sensitive data from unsuspecting Internet users. The ads advertise a fake version of Arc, a browser that promises a clutter-free and personal browsing experience. They redirect users to a fake download page that closely resembles the legitimate Arc website, where users are led to download a .dmg installation file that bypasses macOS security mechanisms.
Once installed, the malware sends data to a control panel hosted at a specific IP address, allowing cybercriminals to access stolen information. This Mac malware, known as Poseidon, is advertised as a full-service data stealer with the ability to extract cryptocurrency wallets, passwords, and more. The malware is actively being developed by criminals who are constantly looking for ways to evade detection by antivirus software.
The discovery of these malicious ads follows a previous incident in which ads promoting a fake version of Arc for Windows were used to distribute information-stealing malware. Google Ads, like other major advertising networks, is regularly used to circulate malicious content, which is only removed once third parties notify the company. Google Ads has stated that it removes malicious ads once identified and suspends the advertiser responsible.
To protect themselves from such threats, Internet users are advised to download software only from official sources and to be cautious of any unusual installation instructions. Malwarebytes has provided indicators of compromise that can help individuals determine if they have been targeted by this Mac malware. The ongoing development and distribution of such malicious software highlight the need for users to remain vigilant and take necessary precautions to safeguard their sensitive data.
Article Source
https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/