Hackers using Google Ads to spread malware

Mac users are advised to be cautious when clicking on search ads, as cyber criminals are using them to spread incredibly harmful malware.

Whilst Apple’s devices have long been viewed as the safety-conscious choice, they’re far from being invincible – and hackers are exploiting this with the use of dodgy search ads that aren’t what they claim to be.

Cyber security firm Malwarebytes discovered a fake ad being displayed for users who searched Google for the term ‘Microsoft Teams for Mac’. Anyone who clicked on this particular ad would be directed to a site that looked legitimate, featuring the Apple logo and further information about the MS Teams platform. However, it wasn’t Teams the user would be downloading, but Atomic Stealer malware – capable of grabbing files and even Apple Keychain passwords.

The use of Google Ads, as well as inclusion of the Apple logo on the landing page shows just how difficult it can be for the average user to spot that there would be anything amiss. However, there were a few red flags for those who knew where to look.

First off was the URL – something that can’t be hidden behind fake deployments of brand logos. Here, instead of the official Microsoft or even Apple sites, users were taken to teambusiness[dot]org.

There was also a stumbling block when it came to the installation of the malware file. Users who had downloaded the software were asked to right click to install – something that should very rarely be done on Mac devices as it’s most often a way of bypassing the built-in security protocols.

There was also the simple fact that this was a Google Ad. In the organic listings, by comparison, the legitimate site would almost certainly be in position 1.

This last point was noted by tech journalist Anthony Spadafora, who wrote for Tom’s Guide: “Over the past few years, we’ve seen hackers routinely use fake ads in their malware campaigns due to how successful this tactic can be. Fortunately, if you scroll down past the ads, you can avoid falling victim to this and other similar campaigns designed to infect your Mac with password-stealing malware.”

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Hackers using Google Ads to spread malware

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000