NEWS
NEWS
NEWS
Researchers discover macOS malware using Google’s Adwords
Researchers at security firm Cylance Inc. have discovered a new malvertising campaign that targets Apple Inc.’s macOS users through fake software downloads.
Disturbingly being offered on Google’s Adwords advertising network, the malvertising offers a copy of Google’s own Chrome web browser. If that’s not bad enough, those behind the scam acquired the top ranking position for the search “Google Chrome” with the ad suggesting the user would land at www.google.com/chrome. Instead, users who click on the ad are directed to googlechromelive.com which shows a fake download page for the browser.
“The malicious download link redirects macOS users through ttb.mysofteir.com, servextrx.com, and bundlesconceptssend.com then ultimately downloads a malicious file named FLVPlayer.dmg,” Cylance researcher Jeffrey Tang said in a blog post. “The malware hash changes on each download, making it difficult to detect and track. Windows users are ultimately redirected to admin.myfilessoft.com, which returns an error due to a DNS failure.”
The malware which as been called OSX/InstallMiez or OSX/InstallCore is said to pretend to open a file called FLV Player but instead actually loads a scareware program called Macpurifier, which tells the victim that their system is infected with viruses, and they need to download more files. Not surprisingly, those additional files are malware as well, further infecting the machine.
The goods news is that Cylance reported the malvertising campaign on Oct. 25 and Google acted properly in taking it down, but it does beg the question: How are scammers able to use Google Adwords to place fake ads for Google’s own Chrome browser to begin with, complete with fake URL in the ad?
Google’s own policy on the matter notes that “Google doesn’t allow the promotion of sites infected with malware, or the sale of malicious software,” and that “ads and extensions that don’t follow this policy may be disapproved.” The “may be” part could be the pertinent part, as it would appear that they are not even capable of scanning submitted ads falsely advertising the company’s own products.
Image credit: 143601516@N03/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
