January 21, 2025 By Bill Toulas
Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets.
The malicious Google ads campaign was spotted by Ryan Chenkie, who warned on X about the risk of malware infection.
The malware used in this campaign is AmosStealer (aka 'Atomic'), an infostealer designed for macOS systems and sold to cyber criminals as a subscription of $1,000/month.
The malware was seen recently in other malvertising campaigns promoting fake Google Meet conferencing pages and is currently the go-to stealer for cybercriminals targeting Apple users.