UPDATED 02:17 EDT / NOVEMBER 02 2016

NEWS

Researchers discover macOS malware using Google’s Adwords

Researchers at security firm Cylance Inc. have discovered a new malvertising campaign that targets Apple Inc.’s macOS users through fake software downloads.

Disturbingly being offered on Google’s Adwords advertising network, the malvertising offers a copy of Google’s own Chrome web browser. If that’s not bad enough, those behind the scam acquired the top ranking position for the search “Google Chrome” with the ad suggesting the user would land at www.google.com/chrome. Instead, users who click on the ad are directed to googlechromelive.com which shows a fake download page for the browser.

“The malicious download link redirects macOS users through ttb.mysofteir.com, servextrx.com, and bundlesconceptssend.com then ultimately downloads a malicious file named FLVPlayer.dmg,” Cylance researcher Jeffrey Tang said in a blog post. “The malware hash changes on each download, making it difficult to detect and track. Windows users are ultimately redirected to admin.myfilessoft.com, which returns an error due to a DNS failure.”

The malware which as been called OSX/InstallMiez or OSX/InstallCore is said to pretend to open a file called FLV Player but instead actually loads a scareware program called Macpurifier, which tells the victim that their system is infected with viruses, and they need to download more files. Not surprisingly, those additional files are malware as well, further infecting the machine.

The goods news is that Cylance reported the malvertising campaign on Oct. 25 and Google acted properly in taking it down, but it does beg the question: How are scammers able to use Google Adwords to place fake ads for Google’s own Chrome browser to begin with, complete with fake URL in the ad?

Google’s own policy on the matter notes that “Google doesn’t allow the promotion of sites infected with malware, or the sale of malicious software,” and that “ads and extensions that don’t follow this policy may be disapproved.” The “may be” part could be the pertinent part, as it would appear that they are not even capable of scanning submitted ads falsely advertising the company’s own products.

Image credit: 143601516@N03/Flickr/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU