back to article Apple fans using Chrome on alert for Mac malware

Security researchers at Cylance have uncovered a malware-spreading campaign that uses Google AdWords to pump out rogue code to macOS users. The malefactors bought the AdWords top ranking for the search term "Google Chrome," which appeared to lead the user to www.google.com/chrome. In fact it redirected them to googlechromelive …

  1. Anonymous Coward
    Anonymous Coward

    Ah, the wonders of Internet advertising

    Real or fake, both as bad as each other.

    1. big_D

      Re: Ah, the wonders of Internet advertising

      Make the advertising broker responsible for any infection and the costs of cleaning up, then maybe they would actually look at vetting their service instead of blithely letting their ads infect their users.

      Here, in Germany, if a website gets infected by malware and that is used to attack other websites, you are liable and must pay damages.

  2. JMiles

    Long gone are the days that Mac users were more secure because they'd represent a more technically astute user-base and because the base was small enough for malware authors not to bother targeting them...aka The Good Ole' Days.

    1. patrickstar

      Uhm, your average Mac user is as, if not more, clueless as your average Windows user...

      1. servxcess

        Apple pulled this: were able to sell a machine dubbed 'PRO' with 4GB soldered RAM in 2013...

        Anyway, Miez is the word for Core in romanian..

      2. Anonymous Coward
        Anonymous Coward

        Source of this statement please (university or government source preferably, BBC not acceptable), or its false news.

    2. Ragarath

      Where did the technically astute bit come in? Never heard that myself.

    3. Lee D Silver badge

      Glad it's not just me that picked up on that "astute" line.

      From my experience, Mac users think they are invincible and don't even understand that opening unwarranted attachments is a dangerous thing on any OS.

      I still hear the "don't get viruses on Mac / Linux" lines and I cannot resist correcting them. I'm a MASSIVE Linux fan. I hate Mac. But they are both general purpose operating systems that, along with Windows, have all kinds of vulnerabilities that can be exploited if any user is lax in how they manage incoming data.

      It doesn't matter the patch-level, the OS revision or the OS type itself, they are all vulnerable. Thinking otherwise is like trying to convince yourself that just because you live in a nice area, or have a lock on your door, that you won't get burgled.

      1. Anonymous Coward
        Anonymous Coward

        Glad it's not just me that picked up on that "astute" line.

        It was a new one for me too. I thought the original audience was the creative crowd who may be have a good technical knowledge on design, but generally less on IT (that said, the ones doing animation are of another class altogether).

        From my experience, Mac users think they are invincible and don't even understand that opening unwarranted attachments is a dangerous thing on any OS.

        End users are end users are end users. You can even trojan a Linux box with deception if you can convince an innocent end user to install your stuff.

        I still hear the "don't get viruses on Mac / Linux" lines and I cannot resist correcting them.

        I didn't like the Apple campaign in that respect either. At the time it was correct, but at the same time it was the Internet equivalent of fitting a "kick me" sign on the back of Mac users as well as making them careless. Not their finest moment.

        I'm a MASSIVE Linux fan. I hate Mac. But they are both general purpose operating systems that, along with Windows, have all kinds of vulnerabilities that can be exploited if any user is lax in how they manage incoming data.

        I like both Linux and macOS - the former we use on servers, the latter as desktop. Work :).

        It doesn't matter the patch-level, the OS revision or the OS type itself, they are all vulnerable. Thinking otherwise is like trying to convince yourself that just because you live in a nice area, or have a lock on your door, that you won't get burgled.

        True to some degree - the difference lies in how much effort you have to invest in keeping it safe. For our use, it's simply less with Linux and macOS and because we pretty much abandoned Windows our expertise there has aged which doesn't help either..

      2. Lord Elpuss Silver badge

        "I still hear the "don't get viruses on Mac / Linux" lines and I cannot resist correcting them. "

        I don't get viruses on Mac. You can try to correct me, but you would be mistaken.

        OSX since 2006. Firewall & Filevault enabled, but no virus scanner. I'm careful with what I click on, but apart from that I do what I want online. I've never had a virus, worm, trojan, malware or anything else. I tried this on Windows 7 on a disposable laptop, and it was crippled within 2 months. Same usage pattern.

        1. patrickstar

          For some weird reason, I don't get viruses/malware on any of my boxes, regardless of what they run - Windows, Linux, Solaris, MacOS, etc.

          Last time I had something like that happen on Windows was 2003 by the way - and that was a totally unpatched and unhardened system.

    4. Pointer2null

      mac users got aways with it as they were so few in number it wasn't worth the effort to infect them

    5. Fungus Bob
      Trollface

      Re: a more technically astute user-base

      Mac users are generally more technically illiterate as they are mostly baristas that think they're creatives...

      1. Anonymous Coward
        Anonymous Coward

        Re: a more technically astute user-base

        Well, I use a Mac because it is certified Unix. Mind, being a sysadmin is sometimes closer to being a barista than one would comfortably admit.

    6. Fazal Majid

      In the bad old days of System 7 Mac viruses were rife, specially the resource fork ilk. It's moving to the UNIX foundation of OS X that made a big difference, not any difference in demographics.

      1. RAMChYLD Bronze badge

        Indeed. The good ol' days may not be as rosy as you remembered. Try dealing with the Scores virus, or SevenDust or Autostart 9805.

  3. Anonymous Coward
    Anonymous Coward

    <points>

    <laughs uproariously>

    1. Lord Elpuss Silver badge

      "<points>

      <laughs uproariously>"

      Laughs uproariously, then slips on wet floor and gets a concussion. Bystanders laugh.

      Karma's a bitch.

  4. O RLY
    Mushroom

    Blocking ads remains a crucial tool in a security posture

    While I realise the way the web is paid for, as long as ads remain a credible threat to security and not just an irritation to the user, tools to smite ads will remain as mandatory in my system deployments. The irritation factor is important too, especially on metered network connections, but sites that refuse my adblocking browsers are sites I don't need to visit anymore (looking at you, Forbes).

    1. Anonymous Coward
      Anonymous Coward

      Re: Blocking ads remains a crucial tool in a security posture

      Problem is that the sites and the advertisers are clueing up, and I am seeing more sites that just will not work with a advert/tracker blocker, such as a well known numerically named phone provider, and a well known diy store etc.

      Some sites are ridiculous in their fetish for trackers, especially the newspapers, around 6 or 7 (dailyfail gets nine), while the bbc seems to have dropped them on one site, but the news gives users three.

      Doesn't bother me (but then I close my eyes, stick my fingers in my ears and go nanana when the fbi warning and adverts which I am forced to endure come on in my purchased dvd)

      1. Eddy Ito

        Re: Blocking ads remains a crucial tool in a security posture

        The worst of the lot simply fail to work and won't mention the ad blocker. On the upshot, I now know that Citi has to go I think it's a personal record for shortest business relationship. There's simply no reason for a bank to be employing third party ads and trackers after one has "securely" logged in.

        1. Anonymous Coward
          Anonymous Coward

          Re: Blocking ads remains a crucial tool in a security posture

          Wallywide prostitute their users to omniture owned by adobe.

        2. cd

          Re: Blocking ads remains a crucial tool in a security posture

          Costco sent me a Citi card. I tried to log in, but the website security prevents me from pasting in my password. Thanks for confirming my suspicions that if I did bother to type it in and activate my card it would have been a disappointment. The previous AMEX card had a site with a few barriers to getting things done, yet the security was there, Costco lost altitude with this move.

          Citi opened up a call center nearby, obviously planning to exploit the low prevailing wage, but after months of ad barrage are still looking. Not that their advertised wage has gone up one penny. That's the kind of company they are.

          We need a head banging on wall icon.

  5. Drew 11
    Facepalm

    Half the trouble is the browser manufacturers killing off the URL bar and making it the norm for people to search google for websites they use every day.

    Can we have a better looking facepalm icon please?

  6. Anonymous Coward
    Anonymous Coward

    The malefactors bought the AdWords top ranking for the search term "Google Chrome,"

    and nobody at Google thought it was just a little bit suspicious?

    1. servxcess

      Re: The malefactors bought the AdWords top ranking for the search term "Google Chrome,"

      i googl'd 'google chrome' to install it, when doing windows 10 installs

      For months the first result on google.com search was some dodgy 'googlechrome****.com' fake / phishing style URL

  7. Anonymous Coward
    Anonymous Coward

    "Winner of over 100 5-star awards" ... wow, that looks like a great utility! Must install it myself when I get home :-)

  8. herman Silver badge

    Don't blame the user for shit system security. A user *should* be able to click on anything.

  9. servxcess

    Apple got away with selling a machine labeled 'Pro' with 4gb of ram soldered... sold for the price of two similar spec'd windows pcs at the time ( 2013).

    From the article:

    dubbed OSX/InstallMiez or OSX/InstallCore

    btw Miez literally means Core in romanian...

  10. Anonymous Coward
    Anonymous Coward

    The fact that the potential for a mac user to get a nasty by clicking on a specific ad is front page news shows how safe the platform is. How many new viruses on a PC each day? So many they are no longer reported. This is like the President's daughter being kidnapped vs. black kids dying in Compton.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like