9 points

Even though I don’t use Macs, this shows how important it is to block ads. They are not just “inconvenient”, they are dangerous.

permalink
report
reply
5 points

The ad doesn’t actually deliver the malware, just directs people to a malicious download that mimics the Arc Browser. Users then have to follow onscreen instructions to install the malicious application in a non-standard way that allows it to bypass built-in protections in macOS to make it harder to install unsigned apps.

I’m curious how successful this campaign would be. It requires a lot of bad behavior by the victim to succeed. First, they’d have to decide to download a new web browser just from one banner ad, without doing any research on the browser; just click the link in the ad to go directly to the malicious download and install it directly from there. Second, they’d have to convince the user to right-click and select “Open” instead of simply double-clicking the installer or dragging it to the Applications folder like every other Mac application; otherwise the OS blocks it. I’m sure there are users dumb enough to do either step, but the subset of users dumb enough to do both steps and be on macOS and see this ad, I’m thinking they might only nab a few hundred victims tops, if that. I suspect this might be a proof of concept more than anything; probably most of the downloads were security researchers or potential customers testing it out. It sounds like the security researchers were following the malware seller, then found the ad, not the other way around. And of course, the ad has been taken down by Google now.

Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.

Earlier in the article they said Google had “vetted” the company that bought the ad. It seems their process sucks and this policy is a cop-out, and all of that just to net Google, what, a couple bucks on this short-lived fraudulent campaign?

permalink
report
reply
-4 points

Mac users: Macs don’t get viruses because reasons

Me: points to this article

permalink
report
reply
6 points

As a Mac user (among other things) I don’t get this type of virus because adblock. Also, fuck the CDN-style throw whatever at users and see what pays.

permalink
report
parent
reply
4 points

I’ve worked for companies that used at least some Macs since 2013. Those Macs have always had antivirus software on them in addition to the base protection from the OS. I think the days of “Macs don’t get viruses” are long gone for anyone who pays attention, and was really probably never true.

permalink
report
parent
reply
4 points
*

Yes keep restating a PR ad from 2006, nearly TWENTY goddamn years ago. Are you aware Mac OS has changed significantly just like literally every other main OS?

Well, the company said it 18 years ago and it’s no longer true, they must be fucking liars

permalink
report
parent
reply

Privacy

!privacy@lemmy.world

Create post

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

Community stats

  • 790

    Monthly active users

  • 196

    Posts

  • 915

    Comments

Community moderators