Mac users served info-stealer malware through Google ads
Mac users targeted by info-stealer malware via Google ads promoting fake Arc browser for Mac. Malware sends data to Poseidon info stealer control panel, extracting wallets and passwords. Google disclaims responsibility. Users urged caution.
Read original article
Mac users have been targeted by an info-stealer malware distributed through Google ads, marking the second instance in recent months of the ad platform being exploited for malicious purposes. Security firm Malwarebytes discovered ads promoting a Mac version of the Arc browser, leading users to a fake website resembling the real one. The malware, once installed, sends data to a control panel associated with the Poseidon info stealer. This malware boasts features like extracting cryptocurrency wallets and stealing passwords from various sources. The malicious ads were traced back to an advertiser verified by Google, highlighting the challenges in ad network security. Google Ads, like other networks, removes malicious content upon notification but disclaims responsibility for resulting damages. Users are advised to download software from official sources and be cautious of installation instructions that deviate from standard practices. Malwarebytes provides indicators of compromise for potential targets to identify if they have been affected by this malware campaign.
Related
The First Spatial Computing Hack
Ryan Pickren found a Safari bug letting websites flood a user's space with 3D objects. Apple fixed it (CVE-2024-27812) in June after Ryan's report. The bug exploited Apple AR Kit Quick Look, launching objects without consent.
Leaking URLs to the Clown
The author describes leaking URLs during Mac app testing, with a unique URL receiving requests from a random "cloud" service every three hours. This raises privacy concerns and highlights potential risks for users.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.
4 commentsRelated
The First Spatial Computing Hack
Ryan Pickren found a Safari bug letting websites flood a user's space with 3D objects. Apple fixed it (CVE-2024-27812) in June after Ryan's report. The bug exploited Apple AR Kit Quick Look, launching objects without consent.
Leaking URLs to the Clown
The author describes leaking URLs during Mac app testing, with a unique URL receiving requests from a random "cloud" service every three hours. This raises privacy concerns and highlights potential risks for users.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.