SecureMac, Inc.

Malvertising Hits macOS Users Through Google AdWords

December 12, 2016

With the huge number of ads present on the web today, it’s no surprise that they’re often a target and an attack vector for hackers looking for an open door. We’ve discussed malvertising here before to alert our readers to the potential threat. Now there comes word from security researchers that malvertisers executed a campaign specifically targeting macOS users early in November. This time the target was users who were hoping to install Google Chrome.

When searching for the keywords “Google Chrome,” a malicious ad purchased by the …

Malvertising Hits macOS Users Through Google AdWords

With the huge number of ads present on the web today, it’s no surprise that they’re often a target and an attack vector for hackers looking for an open door. We’ve discussed malvertising here before to alert our readers to the potential threat. Now there comes word from security researchers that malvertisers executed a campaign specifically targeting macOS users early in November. This time the target was users who were hoping to install Google Chrome.

When searching for the keywords “Google Chrome,” a malicious ad purchased by the attackers would redirect users to a malicious download page. On the search landing page, however, the URL appeared as normal, as though a visiting user would land on the official Google webpage. However, clicking the ad leads to a different site loaded with what looks like legitimate Chrome material. While savvy users would likely notice the suspicious URL right away, there are certainly many who might not. Once on the malicious page, users would find the download link for which they initially searched. Instead of the actual Chrome install package, however, it is malware designed to infect macOS.

When run, the user will see that Chrome is not installing, but instead a fake “FLV Player.” After deploying onto the system, the malware attempts to frighten the user into believing their system suffering from many problems and directing them to download further software. Meanwhile, the malware takes up residence with yet more unwanted software.

Some positive news, however: the malicious ad was noticed, reported, and removed all in short order. As such, this particular malvertising is no longer a threat, and an anti-malware scan will quickly sort out any lingering infection. Despite the end of the threat, however, users should remember to continue exercising caution. Such Instances show that even Mac users need to be wary about the links they click.

Should you click a link and arrive on a page you didn’t expect, exit immediately. Pay closer attention to the URLs of the pages you visit; this can help you to spot an anomaly. Additionally, it’s a smart idea to be cautious about clicking on ads; there’s no telling where you might end up sometimes. While Google’s vigilance reduces the threat of malvertising, we know that its popularity among hackers and spammers continues to rise. Therefore, we suggest you continue regular anti-malware scans and observance of best practices regarding web ads.

Get the latest security news and deals