Poseidon malware menaces Mac users via GoogleAds
A MacOS malware named 'Poseidon' masquerades as the Arc web browser in Google ads, redirecting users to a fake site for trojan downloads. It aims to steal credentials and VPN settings for potential data theft. Researchers warn of its resemblance to the AtomicStealer malware family, advising caution in app downloads to prevent infection and data breaches.
Read original article
A new MacOS malware named 'Poseidon' is targeting users through Google ads, posing as links to download the Arc web browser. Once clicked, users are redirected to a fake site offering a trojan download instead. The malware aims to steal user account credentials and VPN configurations for data theft or resale. Researchers believe these attacks are the initial phase of a potential malware-for-hire service. The malware, identified as OSX.RodStealer, is designed to mimic the notorious AtomicStealer malware family and offers various functionalities like file grabbing, crypto wallet extraction, and password manager stealing. Malwarebytes advises Mac users to be cautious of their application sources and avoid suspicious sites or unsigned installers to prevent infection. The rise of info-stealing trojans for MacOS indicates a growing trend among cybercriminals targeting sensitive data like account credentials, crypto wallet keys, and VPN access configurations. Vigilance during app downloads is crucial to stay protected against evolving threats like Poseidon.
Related
The First Spatial Computing Hack
Ryan Pickren found a Safari bug letting websites flood a user's space with 3D objects. Apple fixed it (CVE-2024-27812) in June after Ryan's report. The bug exploited Apple AR Kit Quick Look, launching objects without consent.
Leaking URLs to the Clown
The author describes leaking URLs during Mac app testing, with a unique URL receiving requests from a random "cloud" service every three hours. This raises privacy concerns and highlights potential risks for users.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Mac users served info-stealer malware through Google ads
Mac users targeted by info-stealer malware via Google ads promoting fake Arc browser for Mac. Malware sends data to Poseidon info stealer control panel, extracting wallets and passwords. Google disclaims responsibility. Users urged caution.
2 commentsRelated
The First Spatial Computing Hack
Ryan Pickren found a Safari bug letting websites flood a user's space with 3D objects. Apple fixed it (CVE-2024-27812) in June after Ryan's report. The bug exploited Apple AR Kit Quick Look, launching objects without consent.
Leaking URLs to the Clown
The author describes leaking URLs during Mac app testing, with a unique URL receiving requests from a random "cloud" service every three hours. This raises privacy concerns and highlights potential risks for users.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Mac users served info-stealer malware through Google ads
Mac users targeted by info-stealer malware via Google ads promoting fake Arc browser for Mac. Malware sends data to Poseidon info stealer control panel, extracting wallets and passwords. Google disclaims responsibility. Users urged caution.