AdWords malvertising targets macOS users
Researchers at threat prevention company Cylance have discovered a malvertising campaign on Google AdWords for the search term "Google Chrome", where unsuspecting macOS users were being tricked into downloading a malicious installer.
The installer, identified as "OSX/InstallMiez" (or "OSX/InstallCore"), ultimately downloads a malicious file named "FLVPlayer.dmg". The malware hash changes on each download, making it difficult to detect and track.
Once the installation is completed, the browser is redirected to a scareware page. Clicking on the link leads to another page offering a potentially unwanted program (PUP) claiming to cleanup OS X computers as well as starting a download for a Fast Player application.
"The malvertising campaign was reported to the Google AdWords team on October 25, 2016 and the malicious advertisement was removed immediately", says Cylance researcher Jeffrey Tang.
The attack is similar to a campaign last year that targeted Windows users searching for "youtube". Affected users were redirected to a fake blue screen of death and instructed to call a toll-free helpline to resolve their issues, at which point they were conned out of money to purchase a phony support package. The fact that malware purveyors are willing to bid on popular keywords in order to get their ads to the top of Google pages shows how serious they're becoming about targeting Mac users.
You can find more details of the attack on the Cylance blog.