‘Harmful’ Google ads masquerading as how-tos are tricking Mac users
Summary created by Smart Answers AI
In summary:
- Macworld reports that malicious Google ads disguised as Mac cleaning tutorials trick users into installing harmful software via terminal commands.
- These deceptive ads redirect to fake Apple support pages and can grant cybercriminals remote access to compromised Macs.
- Essential security measures include inspecting URLs before clicking, avoiding unknown email links, and never running unknown Terminal commands. Detailed instructions are provided below.
Clario, the developers behind the MacKeeper utility, recently warned of a misleading ad that appears on Google when users search for terms related to Mac storage. The ad directs users to a suspicious site with instructions containing “harmful content for Mac users.”
The ads, according to Clario, appear when searching for “Mac Cleaner,” “Clear cache macos,” and similar terms. Ads display a Google Docs URL (docs.google.com) or an average URL (profile-apple.medium.com), which may not appear suspicious to the user. However, users are redirected to sites designed to look like Apple.com support pages but containing “suspicious instructions.”
The instructions direct users to the Mac terminal and enter a command posted on the site. The command runs a script that installs the software on the Mac without the user realizing it. The software can then be used remotely to access the computer.
While many Mac users know to never run Terminal commands unless they are absolutely sure of what they are going to do, desperate users who need to quickly free up space or repair a slow machine might be susceptible to unscrupulous instructions. And once they start typing commands into Terminal, it’s unclear how much information a hacker can access.
Additionally, Clario’s investigation revealed that the sources of these ads appear legitimate, but their accounts were hacked. The suspicious ads have been reported to Google, although we have always seen malicious ads when searching for “How to free up storage space on MacBook Air”, so be careful.
Malicious Google ads are still active as of this writing.
Foundry
How to protect yourself
We all depend on search engines to find the information we need, but they can’t be relied on to weed out malicious sites and bad links. It is up to the user to check the site URLs in the results. Look at the URL listed, and before clicking on a link, hover over it and look at the URL that appears at the bottom left of the browser window. And when you click the link, watch for the URL in the box at the top of the window. If you are redirected, you may be able to see it happening. Also check that the website you are on is the same as the URL listed in the search engine.
Never open links in emails or texts you receive from unknown and unexpected sources. If you receive a message that appears to come from an entity you do business with, check the sender’s email address and carefully inspect the URL. If you see a link or button, you can control-click it, select Copy link address, then paste it into a text editor to see the actual URL and check it there.
Macworld has several guides to help you, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and Trojans, and a comparison of Mac security software.
