- Hackers Seen Launching Malvertising Campaign Promoting Fake Homebrew Package
- Victims were targeted with AMOS, a powerful information stealer
- The campaign has since been removed, but users should remain on guard
Mac users are once again the target of powerful malware as hackers attempt to steal their login credentials, sensitive data and cryptocurrencies.
Software developer Ryan Chenkie spotted the campaign on Google, noting that threat actors were running ads on Google’s network promoting a fake version of Homebrew, an open source package manager for macOS and Linux.
“Developers, be careful when installing Homebrew,” he said. “Google provides sponsored links to a Homebrew site clone with a cURL command to malware. The URL of this site is one letter different from that of the official site.”
Enter AMOS
The ad served on Google displays the correct Homebrew URL – Brew.sh. However, once a victim clicks, they are redirected to Brewe.sh, a site with an extra letter “e” at the end. This is a common typosquatting technique, often seen not only in malvertising, but also in other forms of cyberattacks.
Victims who don’t notice the trick are prompted to install Homebrew by pasting a command displayed on the page into the macOS Terminal or a Linux shell prompt, much like what the legitimate Homebrew site does.
But instead of getting the software itself, victims will receive AMOS, a popular information stealer that scrapes user passwords, browser data, cryptocurrency information, and more. Security researchers have been warning about AMOS (AKA Atomic) for months now, saying the tool is offered as a subscription for $1,000 per month.
Shortly after Chenkie posted his warning, Homebrew Project leader Mike McQuaid responded, saying the campaign had already been removed, but he also expressed concern about repeat violations: “It seems removed now. There’s really not much we can do about it, it just keeps happening over and over again and Google seems to love taking money from the scammers,” he said. “Please strengthen the signal and I hope someone at Google fixes this problem for good.”
Via BeepComputer