Apple users may tend to think that their Macs are less likely to become victims of viruses and malware. However, threats such as MacStealer and other Mac malware that steal credit card information prove otherwise.
A new weakness is highlighted in a new report from Malwarebytes, which mentions a new Microsoft Teams malvertising campaign targeting Mac users.
Hackers are trying to lure unsuspecting Mac users to a fake Microsoft Teams site to “download the app,” taking advantage of the app’s popularity. But what they get is Atomic Stealer malware that steals passwords from Apple keychains and web browsers.
Mac users end up at these fake sites by clicking on a phony ad (that appears at the top of the search result) from a compromised Google ad account in Hong Kong. The fake page shows you the Apple logo, a short summary of how the app works, and a button that says “Download Teams.”
This isn’t the first time fake ads have been used to steal Mac data. Just last month, in the Poseidon campaign, hackers used fake ads for the Arc browser, offering users a malicious DMG installer. Both malvertising campaigns use parallel code-based and delivery techniques. Malwarebytes comments that it is the first time it has seen it used by Atomic Stealer, and it uses advanced filtering techniques.
Mac users will see a red flag in the installation process since the malicious file encourages users to right-click for installation. The right-click process bypasses Apple’s built-in protection system for unsigned installers. Once you type your credentials, your Mac is compromised as the malware takes your sensitive data and sends it back to the hacker.
If you think your Mac has malware, you can follow these steps to check it for viruses and malware. However, you can prevent malware from getting in by not clicking on any of the ads at the top of the list in your Google Search results. Being careful about what links you can click on can also help.
