this post was submitted on 27 Jun 2024
372 points (98.7% liked)

Technology

59135 readers
2968 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
372
Mac users served info-stealer malware through Google ads | Full-service Poseidon info stealer pushed by "advertiser identity verified by Google." (arstechnica.com)
submitted 4 months ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
35 comments fedilink hide all child comments
 

Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely used ad platform has been abused to infect web surfers.

Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.

People who want to install software advertised online should seek out the official download site rather than relying on the site linked in the ad. They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier. The Malwarebytes post provides indicators of compromise people can use to determine if they’ve been targeted.

you are viewing a single comment's thread
view the rest of the comments
[–] autotldr@lemmings.world 4 points 4 months ago

This is the best summary I could come up with:

Digging further into the ad shows that it was purchased by an entity called Coles & Co, an advertiser identity Google claims to have verified.

The reason for this is to bypass a macOS security mechanism that prevents apps from being installed unless they’re digitally signed by a developer Apple has vetted.

The address happens to host the control panel for Poseidon, the name of a stealer actively sold in criminal markets.

The discovery comes a month after Malwarebytes identified a separate batch of Google ads pushing a fake version of Arc for Windows.

Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company.

They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier.

The original article contains 534 words, the summary contains 138 words. Saved 74%. I'm a bot and I'm open source!