The article details a macOS malware infection traced back to a malicious Google ad. Users searching for legitimate software like "Claude" or "Homebrew" were redirected to an impersonated download site. This deceptive page provided "ClickFix-style" instructions, prompting users to execute a malicious command in their terminal, thereby initiating the malware's installation.
During the infection, the malware aggressively sought privileges: it prompted for the user's password and requested access to critical system components such as Finder and to various personal folders. The incident underscores how sophisticated malvertising campaigns have become and the persistent threat they pose. Associated files, including Indicators of Compromise (IOCs), captured network traffic (PCAP), and the extracted malware samples, are provided so that the infection can be analysed in full.