Most Google ads are harmless, but if you come across an ad promoting a specific web browser, don’t click on it.
Security researchers have discovered new malware for Mac devices that steals passwords, cryptocurrency wallets, and other sensitive data.
It poses as Arc, a new browser that has recently gained popularity due to its unconventional user experience.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report.
Actual new browser image. (arc)
How Mac malware infects your device
Mac malware hides behind sponsored search results. Clicking on the ads redirects you to arc-download.[.]com is a fake website that pretends to offer the Mac version of Arc. The downloaded file looks like a typical Mac app installer.
There’s one caveat, though: instead of the simple process of double-clicking the file, you’re prompted to right-click and select Open to run the file. This is to circumvent security measures that are in place on Macs. By forcing you to skip this step, the malware tricks you into installing it.
What is Artificial Intelligence (AI)?
Analysis of the malware code reveals that once installed, the thieves send passwords and other stolen information to the IP address 79.137.192.4, which turns out to be home to the malware’s control panel. This clever panel allows cybercriminals to access the data they steal from infected accounts.
“We’re seeing increased Mac malware development with an emphasis on theft,” wrote Jerome Segura, principal malware intelligence analyst at Malwarebytes. “As this article makes clear, there are many contributing factors to this criminal activity. Vendors need to convince potential customers that their products are feature-rich and have low detection rates by antivirus software.”
Fake Arc Browser ads. (Malwarebytes)
Android banking Trojan poses as Google Play to steal data
Mac malware “verified by Google”
The Mac malware disguised as a Google ad is called Poseidon. Malwarebytes researchersClicking on the “more information” option next to the advert shows it was purchased by an organisation called Coles & Co, which claims to have verified the advertiser’s identity with Google.
Google verifies all companies that want to advertise on its platform. In Google’s own words, the purpose of this process is to “provide a safe and trusted advertising ecosystem for users and comply with new regulations.” However, if advertisers are able to openly distribute malware to users, there seems to be some flaw in the verification process. It’s Google’s job to do all it can to block bad ads, but sometimes bad actors manage to temporarily evade detection.
Click here to get FOX Business on the go
This isn’t the first time that cybercriminals have exploited Google ads: we reported on them being abused back in May. Displaying fake websites at the top of search resultsThese websites pretend to be trustworthy and will steal your money and personal information.
In this latest case, Google identified the issue and suspended the advertiser’s account for violating its policies and removed all ads from the platform prior to Malwarebytes’ report.
We reached out to Google and a spokesperson provided the following statement:
“We prohibit ads that misrepresent the advertiser’s identity in an attempt to mislead users and circumvent our enforcement. When we identify ads that violate our policies, we promptly remove them and, where appropriate, suspend any associated advertiser accounts, which is what we did in this case.”
Behind the fake adverts is a fake organisation called Coles & Co. (Malwarebytes)
Banking Trojan targets more apps, putting Android users at risk
5 ways to protect yourself from Google Ads malware
It can be hard to tell which Google ads are bad. To protect yourself from these Google search scams, follow these 5 tips:
1. Bookmark or save the URL: If you frequently visit certain sites, especially social media or financial platforms, bookmark or save the URL for that site. This will help you land on the correct page and avoid counterfeit pages.
2. Don’t click on unknown links. Always type website addresses directly into your browser’s address bar, especially avoid clicking links sent in emails or on unfamiliar websites that may lead to fake or malicious pages. Manually typing URLs ensures that you’re going to the correct site you want, reducing the risk of phishing attacks and other online threats.
The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to install strong antivirus protection on all your devices. Phishing emails or Ransomware scam. Get my picks for the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
3. Download apps from trusted platforms: If you want to download apps to your Mac or other Apple devices, use the App Store. Apple has strict security guidelines and only allows safe and legitimate apps to be hosted on its platform.
4. Keep your browser up to date for maximum security. It’s important to update your browser regularly, as updates often include security patches to protect against newly discovered vulnerabilities.
5. Be aware that urgent requests may be scams. Always be cautious if someone urgently asks you to transfer money, provide personal information or click on a link – it’s likely a scam.
How to remove your personal information from the internet
Important points about the cart
The Poseidon malware incident should serve as a warning to everyone to be extremely cautious about online advertising, especially ads for popular software. Don’t just click on the first sponsored search result you see, and only download apps from trusted sources, such as official app stores. For extra security, consider using strong antivirus protection.
Click here to get the FOX News app
Are you confident that you can distinguish between genuine and fake download sites? Cyberguy.com/Contact Us
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
