Cybercriminals are exploiting Google Ads to promote a fake Homebrew website that delivers AmosStealer malware, stealing personal data from unsuspecting users. The malicious ad displayed the correct Homebrew URL, making it difficult to detect the scam. Google has since removed the ad, but the incident highlights the growing threat of URL cloaking techniques used by threat actors to evade detection.
Using Google ads to push their malicious sites to the top of the results page is a trick cybercriminals use all too often. The latest example is a fake Homebrew website that uses an infostealer to swipe personal data, browser history, login information, and bank data from unsuspecting victims.
Spotted by Ryan Chenkie on X and reported by BleepingComputer, the malicious Google ad even displays the correct Homebrew URL “brew.sh,” so there’s no real way to spot the trick before clicking. The X post read: “Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.”

For anyone who did click, the ad redirected them to a clone of the site hosted at “brewe.sh,” revealing the incorrect URL. According to a reply to the X post from Google’s Logan Kilpatrick, the ad has now been taken down, so no need to worry if you’re reading this.

However, Chenkie and many of his commenters were surprised and confused by the ad’s ability to display the correct URL despite it not matching the link’s destination. It seems this strategy is called “URL cloaking” and Google has told BleepingComputer that it happens because “threat actors are evading detection by creating thousands of accounts simultaneously and using text manipulation and cloaking to show reviewers and automated systems different websites than a regular visitor would see.”

Clearly, there’s a lot of work going into tricking Google into doing this, which means it could be a difficult problem for Google to fix. Right now, the company is “increasing the scale of its automated systems and human reviewers” to try and combat the problem, which certainly sounds expensive.

It’s possible that this URL cloaking technique makes it much easier for cybercriminals to target websites like Homebrew. As a software package management system for macOS and Linux, its audience is pretty much guaranteed to be more knowledgeable than the average online shopper and likely wouldn’t fall for an ad that blatantly displayed an incorrect URL.

The infostealer used in this campaign was identified by security researcher JAMESWT as AmosStealer, and it’s specifically designed for macOS systems. Developed using Swift, the malware can run on both Intel and Apple Silicon devices and it’s sold to cybercriminals as a $1,000-per-month subscription.

If you’re worried about malware campaigns like this, there are a few things you can do to stay safe. Firstly, as well as checking an ad’s displayed URL before you click, it’s now a good idea to check the URL of the page once it loads. Remember that only one character needs to be different, so make sure you do more than just give it a glance.

Another way to avoid malware spread by Google ads specifically is to stop clicking on Google ads. If you search for a specific site, the normal version will always be included in the results below, so just skip the ad completely and avoid trouble that way. Otherwise, if you see an ad you’re interested in, search the name of the company or product it’s advertising rather than clicking on the ad directly.

Lastly, if this is just one of many Google-based annoyances for you, you can always consider kicking Google to the curb. Search engines focusing on improved privacy such as DuckDuckGo or Qwant in Europe are viable alternatives if you’re interested in trying something new.
