Researcher Finds Malware Targeting Mac Users via Ad

guest · Sep 24, 2021

Researcher Finds Malware Targeting Mac Users via Baidu Ad
The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials
September 24, 2021
https://www.databreachtoday.com/researcher-finds-malware-targeting-mac-users-via-baidu-ad-a-17616

Chinese security researcher Zhi has discovered a malware targeting Mac users, which was spread via a paid advertisement on search engine Baidu, to harvest user credentials. The advertisement has now been taken down.

Sponsored links in search engine spread fake iTerm2 malware (in Chinese) https://t.co/8yUrE2kog6 pic.twitter.com/WPU8YSURgZ
— Zhi (@CodeColorist) September 15, 2021
The sponsored link, which appeared on the Chinese search engine when a user query included the keyword 'iTerm2', led users to a phishing website, Zhi says. The user would then be prompted to download the iTerm2 app, which in reality was the malware disguised as the macOS terminal emulator, he says.
Click to expand...

The sponsored link has now been taken down by Baidu's security team, while Apple has revoked the code signing certificate used by the malware, says Patrick Wardle, who creates security tools for macOS.

On clicking the download option on the phishing website, an iTerm2.dmg disk image that Zhi refers as a "really poisonous file" was downloaded from the domain kaidingle[.]com.

"For an app with a very professionally designed website, the disk image file is quite unpolished. It also includes a link to the applications folder with a Chinese name, which is unusual for an app that is English-only and does not contain any Chinese localization files," Reed says.
Click to expand...

While the researchers did not offer specific remediation measures for such malware campaigns, a Zhihu forum user suggests using an ad-blocking plug-in that blocks sponsored ads and content.
Click to expand...

Rasheed187 · Sep 26, 2021

This was also discussed over here, see link. But it probably did indeed deserve its own thread.

https://www.wilderssecurity.com/thr...to-patch-zero-click-flaw.440425/#post-3034847

Log in or Sign up

Researcher Finds Malware Targeting Mac Users via Ad

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Researcher Finds Malware Targeting Mac Users via Ad

guest Guest

Rasheed187 Registered Member

Useful Searches