Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Desktops (Apple) Google The Internet

Malware Spotted Injecting Bing Results Into Google Searches (theregister.co.uk) 44

A new strain of malware intercepts and tampers with internet traffic on infected Apple Macs to inject Bing results into users' Google search results. The Register reports: A report out this month by security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS computers to route the user's network connections through a local proxy server that modifies Google search results. In this latest case, it is claimed, the malware masquerades as an installer for an Adobe Flash plugin -- delivered perhaps by email or a drive-by download -- that the user is tricked into running. This bogus installer asks the victim for their macOS account username and password, which it can use to gain sufficient privileges to install a local web proxy and configure the system so that all web browser requests go through it. That proxy can meddle with unencrypted data as it flows in and out to and from the public internet.

A root security certificate is also added to the Mac's keychain, giving the proxy the ability to generate SSL/TLS certs on the fly for websites requested. This allows it to potentially intercept and tamper with encrypted HTTPS traffic. This man-in-the-middle eavesdropping works against HTTP websites, and any HTTPS sites that do not employ MITM countermeasures. When the user opens their browser and attempts to run a Google search on an infected Mac, the request is routed to the local proxy, which injects into the Google results page an HTML iframe containing fetched Bing results for the same query, weirdly enough.
As for why, "it's believed the Bing results bring in web ads that generate revenue for the malware's masterminds," the report says.
This discussion has been archived. No new comments can be posted.

Malware Spotted Injecting Bing Results Into Google Searches

Comments Filter:
  • by Anonymous Coward

    "it's believed Bing results in web ads that generate revenue for the malware's masterminds," - Case closed?

  • Amazing (Score:5, Funny)

    by divide overflow ( 599608 ) on Friday June 07, 2019 @08:49PM (#58728584)
    This may be the only way to get people to use Bing.
  • I guess it surprises me that anyone would even consider installing Flash nowadays.

    • by AHuxley ( 892839 )
      Re "I guess it surprises me that anyone would even consider installing"
      Wonder when it will be a mp4 file that "plays" normally as the OS gets compromised.
      No user GUI installer steps needed.
      The mp4 file played as expected.
    • by zixxt ( 1547061 )

      Many people play Flash based games, and on older hardware Flash movie players run better than HTML5 based players.

    • but I've done it :P
    • I have flash installed. Java, too. But I also have both ublock origin and noscript. Double-paranoid mode, but it works.

  • WITM... better penetration...
  • MacOS malware, masquerading as an Adobe installer, taking hits from a Google service, and funneling hits to Bing.

    Microsoft what have you done!

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...