Mac users are advised to be cautious when clicking on search ads, as cyber criminals are using them to spread incredibly harmful malware.
Whilst Apple’s devices have long been viewed as the safety-conscious choice, they’re far from being invincible – and hackers are exploiting this with the use of dodgy search ads that aren’t what they claim to be.
Cyber security firm Malwarebytes discovered a fake ad being displayed for users who searched Google for the term ‘Microsoft Teams for Mac’. Anyone who clicked on this particular ad would be directed to a site that looked legitimate, featuring the Apple logo and further information about the MS Teams platform. However, it wasn’t Teams the user would be downloading, but Atomic Stealer malware – capable of grabbing files and even Apple Keychain passwords.
The use of Google Ads, as well as inclusion of the Apple logo on the landing page shows just how difficult it can be for the average user to spot that there would be anything amiss. However, there were a few red flags for those who knew where to look.
First off was the URL – something that can’t be hidden behind fake deployments of brand logos. Here, instead of the official Microsoft or even Apple sites, users were taken to teambusiness[dot]org.
There was also a stumbling block when it came to the installation of the malware file. Users who had downloaded the software were asked to right click to install – something that should very rarely be done on Mac devices as it’s most often a way of bypassing the built-in security protocols.
There was also the simple fact that this was a Google Ad. In the organic listings, by comparison, the legitimate site would almost certainly be in position 1.
This last point was noted by tech journalist Anthony Spadafora, who wrote for Tom’s Guide: “Over the past few years, we’ve seen hackers routinely use fake ads in their malware campaigns due to how successful this tactic can be. Fortunately, if you scroll down past the ads, you can avoid falling victim to this and other similar campaigns designed to infect your Mac with password-stealing malware.”