A macOS malware discovered in April has found a new vector of attack, with people searching for software on Google finding malware presented as legitimate ads.
The malware payload known as Atomic macOS Stealer (AMOS) first appeared in April being sold on Telegram for $1,000 per month. Once installed, it collects the user’s system password via aggressive pop-ups and then siphons off sensitive data like passwords, crypto, and files.
According to a report from researchers at Malwarebytes, AMOS is being delivered via a Google ad scheme to unsuspecting searchers. The ads are legitimate and paid for but disguise themselves as the website or software the user is searching for.
Read more at AppleInsider.com