Security researchers over at Cylance have discovered a new strain of malware that attacks victims via Google AdWords to infect Apple macOS computers.
The malware campaign starts with a user innocently searching for "Google Chrome" on Google,that will then display an ad for the browser at the top of the search result page. While everything looks legitimate, hovering over the link will show a display URL that doesn't look quite official. When the ad link is clicked, it will bring a user to 'googlechromelive(dot)com,' which reportedly hosts a fake download page for the Google Chrome web browser.
Clicking the download link will send the unsuspecting user to even more redirects, sending them subsequently to three other websites, which thereafter will finally download a file named 'FLVPlayer.dmg'.
The malware hash is changed on every download, making it difficult to track and detect. Windows users are ultimately redirected to 'admin(dot)myfilessoft(dot)com,' which produces an error due to a DNS failure.
The malware, named OSX/InstallMiez or OSX/InstallCore, is disguised under a purported FLV Player installer. Once installed the malware will redirect a browser to another link, which will redirect them to macpurifier(dot)com, telling the user that their Mac OS X computer has viruses. At this point, in can clearly be seen that the message is a scam, and not in any way related to a legitimate Google Chrome download.
The malvertising campaign was reported to Google AdWords on October 25, 2016, and has since been removed. All things considered, it is best to be careful about the things we click on, and the places we visit on the internet, as malware could be lurking just about anywhere, waiting to infect the next victim.