Happy Friday, what's new with the bad guys this week? Criminals are hyper-targeting Mac users, using Google Ads to trick them into clicking through to fake software download websites. These fake sites have one purpose and one purpose alone: to install Atomic Stealer onto victims' Macs, where it instantly harvests saved browser passwords and Apple keychain passwords and steals any crypto assets anywhere on the computer.
Malwarebytes published an article Wednesday detailing the workflow these criminals are using. In short, here's what you need to know:
1) The clickbait is coming in via malicious Google Ads targeting Mac users. Don't like Google Ads? Try a browser extension such as uBlock Origin.
2) Those looking to download a new program will naturally turn to Google and run a search. Threat actors are buying ads matching well-known brands and tricking victims into visiting their site as if it were the official page.
3) The malware is bundled in an ad-hoc signed app, so it cannot be revoked by Apple. This means that it will be up to the user to stop the program from being installed.
Unfortunately, many Mac users are under the false impression that Macs are invulnerable to viruses, spyware and intrusion. It's going to be up to you to strengthen your human firewall, check the URL of the website before installing software and use discretion before installing anything onto your computer.
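For readers comfortable with Terminal, here is one way to check point 3 before opening a download. This is an added example, not taken from the Malwarebytes article: it classifies the text that macOS's `codesign -dv --verbose=2` prints, and the sample outputs, app paths, identifiers and team ID in it are constructed placeholders.

```shell
#!/usr/bin/env bash
# Classify the text printed by `codesign -dv --verbose=2 <app>` (read on stdin).
# Prints one of: adhoc | developer-id | unsigned | other
classify_signature() {
  cs_out=$(cat)
  if printf '%s\n' "$cs_out" | grep -q 'not signed at all'; then
    echo unsigned
  elif printf '%s\n' "$cs_out" | grep -q '^Signature=adhoc$'; then
    # Ad-hoc: hashes only, no certificate chain, so no developer identity
    echo adhoc
  elif printf '%s\n' "$cs_out" | grep -q '^Authority=Developer ID Application:'; then
    echo developer-id
  else
    echo other
  fi
}

# Constructed sample: what codesign reports for an ad-hoc signed app
sample_adhoc() { cat <<'EOF'
Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=com.example.placeholder
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+5 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
EOF
}

# Constructed sample: an app signed with a Developer ID certificate
sample_devid() { cat <<'EOF'
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.placeholder
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
EOF
}

# On a Mac: check_app "/Volumes/Installer/Some.app"
# codesign writes its report to stderr, hence the 2>&1.
check_app() { codesign -dv --verbose=2 "$1" 2>&1 | classify_signature; }

echo "ad-hoc sample:       $(sample_adhoc | classify_signature)"
echo "Developer ID sample: $(sample_devid | classify_signature)"
```

A result of `adhoc` or `unsigned` on something downloaded from a search ad is a reason to stop and get the software from the vendor's own site instead. A `developer-id` result only tells you who signed the app, not that it is safe.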
Macs are great! I'm using one now to type this message to you. Just use caution, discernment and care in all of your online activities.
Stay safe out there.