Malware Spotted Injecting Bing Results Into Google Searches (theregister.co.uk)
A new strain of malware intercepts and tampers with internet traffic on infected Apple Macs to inject Bing results into users' Google search results. The Register reports: A report out this month by security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS computers to route the user's network connections through a local proxy server that modifies Google search results. In this latest case, it is claimed, the malware masquerades as an installer for an Adobe Flash plugin -- delivered perhaps by email or a drive-by download -- that the user is tricked into running. This bogus installer asks the victim for their macOS account username and password, which it can use to gain sufficient privileges to install a local web proxy and configure the system so that all web browser requests go through it. That proxy can meddle with unencrypted data as it flows in and out to and from the public internet.
A root security certificate is also added to the Mac's keychain, giving the proxy the ability to generate SSL/TLS certs on the fly for websites requested. This allows it to potentially intercept and tamper with encrypted HTTPS traffic. This man-in-the-middle eavesdropping works against HTTP websites, and any HTTPS sites that do not employ MITM countermeasures. When the user opens their browser and attempts to run a Google search on an infected Mac, the request is routed to the local proxy, which injects into the Google results page an HTML iframe containing fetched Bing results for the same query, weirdly enough. As for why, "it's believed the Bing results bring in web ads that generate revenue for the malware's masterminds," the report says.
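The two persistence artefacts the report describes, a web proxy bound to localhost and an extra root certificate trusted by the Mac, are both visible from the command line, so an added triage script (not from The Register or AiroAV) can check for them; it assumes the standard `networksetup -getwebproxy` key/value output and a `Cert N: <name>` line format for `security dump-trust-settings -d`, and the sample outputs below are constructed.

```python
import re
import subprocess
from typing import Dict, List, Set

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_webproxy(text: str) -> Dict[str, str]:
    """Parse `networksetup -getwebproxy <service>` output ("Key: Value" lines)."""
    proxy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            proxy[key.strip()] = value.strip()
    return proxy

def local_proxy_enabled(text: str) -> bool:
    """True when the system web proxy is enabled and points at the loopback host."""
    proxy = parse_webproxy(text)
    return proxy.get("Enabled") == "Yes" and proxy.get("Server") in LOOPBACK

def trusted_cert_names(text: str) -> List[str]:
    """Names of certs in `security dump-trust-settings -d` output (assumed 'Cert N: <name>' lines)."""
    return re.findall(r"^Cert \d+: (.+)$", text, flags=re.M)

def unexpected_roots(text: str, allowlist: Set[str]) -> List[str]:
    """Admin-trusted certificate names that are not on the site's allowlist."""
    return [name for name in trusted_cert_names(text) if name not in allowlist]

def run_on_host(service: str = "Wi-Fi", allowlist: Set[str] = frozenset()) -> Dict[str, object]:
    """Run both checks on a live Mac; on other systems the tools are absent and nothing is flagged."""
    try:
        proxy_out = subprocess.run(["networksetup", "-getwebproxy", service],
                                   capture_output=True, text=True, check=False).stdout
        trust_out = subprocess.run(["security", "dump-trust-settings", "-d"],
                                   capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:  # not macOS
        return {"local_proxy": False, "unexpected_roots": []}
    return {"local_proxy": local_proxy_enabled(proxy_out),
            "unexpected_roots": unexpected_roots(trust_out, set(allowlist))}

# Constructed sample output standing in for an infected machine.
SAMPLE_PROXY = "Enabled: Yes\nServer: 127.0.0.1\nPort: 8080\nAuthenticated Proxy Enabled: 0\n"
SAMPLE_TRUST = "Number of trusted certs = 1\nCert 0: Example Root CA\n   Number of trust settings : 1\n"

if __name__ == "__main__":
    print("local proxy enabled:", local_proxy_enabled(SAMPLE_PROXY))
    print("unexpected roots:", unexpected_roots(SAMPLE_TRUST, set()))
```

A hit on either check is a reason to inspect the proxy process and the keychain entry, not proof of infection on its own, since corporate proxies and enterprise CAs produce the same shape.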
Re: (Score:2)
Ned Ryerson!
AHA! (Score:1)
"it's believed Bing results in web ads that generate revenue for the malware's masterminds," - Case closed?
Amazing (Score:5, Funny)
Re: Amazing (Score:1)
Nah, I love Bing, they always promote headlines from UK tabloids. I could be searching for a recipe for french onion soup, and the second result will be an article about some chav tart that locked her twins in the boot so she could fuck a footballer in the loo of a kebab shop.
Re: (Score:2)
And recently there was a research or something called such, aka Microsoft marketing drivel, which was saying BING usage is up and BING is no longer sucking billions of dollars from Microsoft investor profits. Who do we trust?
You can trust them both. The malware makes a fake Bing search, the search goes to the page of the malware creator, where the advertiser pays for an ad (to Microsoft, who pays malware creator).
So in the end, the advertiser gets ripped off, Microsoft gets paid, and the malware creator gets paid. The world is equitable.
Masquerades as a Flash installer (Score:2)
I guess it surprises me that anyone would even consider installing Flash nowadays.
Re: (Score:2)
Wonder when it will be an mp4 file that "plays" normally as the OS gets compromised.
No user GUI installer steps needed.
The mp4 file played as expected.
Re: (Score:1)
If your hardware has the dongle, it's the default OS installed. There are bugfixes but many people never apply them.
Re: (Score:2)
Many people play Flash based games, and on older hardware Flash movie players run better than HTML5 based players.
Re:Not installed, (Score:2)
Re: (Score:2)
I have flash installed. Java, too. But I also have both ublock origin and noscript. Double-paranoid mode, but it works.
MITM not as good as (Score:2)
Connect the dots people! (Score:2)
MacOS malware, masquerading as an Adobe installer, taking hits from a Google service, and funneling hits to Bing.
Microsoft what have you done!