Pelican Press (Diamond Member), posted January 22

Careful — this Google ad could swipe your bank data without you knowing

Using Google ads to push their malicious sites to the top of the results page is a trick cybercriminals use all too often. The latest example is a fake Homebrew website that uses an infostealer to swipe personal data, browser history, login information, and bank data from unsuspecting victims.

Spotted by Ryan Chenkie on X and reported by [hidden content], the malicious Google ad even displays the correct Homebrew URL “brew.sh,” so there’s no real way to spot the trick before clicking.

“Developers, please be careful when installing Homebrew. [Google] is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.” — Ryan Chenkie (@ryanchenkie)

For anyone who did click, the ad redirected them to a clone of the site hosted at “brewe.sh,” revealing the incorrect URL. According to a reply to the X post from Google’s Logan Kilpatrick, the ad has now been taken down — so no need to worry if you’re reading this. However, Chenkie and many of his commenters were surprised and confused by the ad’s ability to display the correct URL despite it not matching the link’s destination.
It seems this strategy is called “URL cloaking” and Google has told [hidden content] that it happens because “threat actors are evading detection by creating thousands of accounts simultaneously and using text manipulation and cloaking to show reviewers and automated systems different websites that a regular visitor would see.”

Clearly, there’s a lot of work going into tricking Google into doing this, which means it could be a difficult problem for Google to fix. Right now, the company is “increasing the scale of its automated systems and human reviewers” to try and combat the problem, which certainly sounds expensive.

It’s possible that this URL cloaking technique makes it much easier for cybercriminals to target websites like Homebrew. As a software package management system for macOS and Linux, its audience is pretty much guaranteed to be more knowledgeable than the average online shopper and likely wouldn’t fall for an ad that blatantly displayed an incorrect URL.

The infostealer used in this campaign was identified by security researcher [hidden content] as AmosStealer (also known as Atomic), and it’s specifically designed for macOS systems. Developed using Swift, the malware can run on both Intel and Apple Silicon devices and it’s sold to cybercriminals as a $1,000-per-month subscription.

If you’re worried about malware campaigns like this, there are a few things you can do to stay safe. Firstly, as well as checking an ad’s displayed URL before you click, it’s now a good idea to check the URL of the page once it loads. Remember that only one character needs to be different, so make sure you do more than just give it a glance.
Another way to avoid malware spread by Google ads specifically is to stop clicking on Google ads. If you search for a specific site, the normal version will always be included in the results below, so just skip the ad completely and avoid trouble that way. Otherwise, if you see an ad you’re interested in, search the name of the company or product it’s advertising rather than clicking on the ad directly.

Lastly, if this is just one of many Google-based annoyances for you, you can always consider kicking Google to the curb. Search engines focusing on improved privacy such as DuckDuckGo or Qwant in Europe are viable alternatives if you’re interested in trying something new.
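The article's advice to look for a one-character difference can be applied mechanically to an install command before it is pasted into a terminal. The following is an added example, not part of the original post: the trusted-host list, function names and sample commands are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hosts the reader actually intends to install from.
TRUSTED_HOSTS = {"brew.sh"}
URL_RE = re.compile(r"https?://[^\s\"')]+")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED_HOSTS, max_edits=1):
    """Return 'trusted', 'lookalike' (near miss of a trusted host) or 'unknown'."""
    host = host.lower().rstrip(".")
    for t in trusted:
        # Exact match or a real subdomain; "brew.sh.evil.example" does not qualify.
        if host == t or host.endswith("." + t):
            return "trusted"
    if any(edit_distance(host, t) <= max_edits for t in trusted):
        return "lookalike"
    return "unknown"

def audit_command(command, trusted=TRUSTED_HOSTS):
    """List (host, verdict) for every URL found in a pasted shell command."""
    results = []
    for url in URL_RE.findall(command):
        # urlsplit separates userinfo, so "https://brew.sh@other.example/" yields other.example
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host, trusted)))
    return results

if __name__ == "__main__":
    # Constructed sample commands, not taken from the campaign.
    samples = [
        "curl -fsSL https://brew.sh/install.sh | bash",
        "curl -fsSL https://brewe.sh/install.sh | bash",
        "curl -fsSL https://brew.sh@downloads.example/i.sh | bash",
    ]
    for cmd in samples:
        print(audit_command(cmd), "<-", cmd)
```

Anything other than "trusted" is a reason to stop and retype the address by hand rather than run the command.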