MacPaw’s Moonrock Lab issued a report on Thursday about a new Mac malware threat that spreads through Google-sponsored ads. The malware poses as the Mac screen recording app Loom and several other apps.
Moonlock Lab believes that this malware campaign is run by a group dubbed Crazy Evil. When searching for Loom on Google, sponsored ads appear that look legitimate, even displaying the legitimate URL for the app at the top of the ad. But the actual URL for the app’s link is a “near-perfect replica” and takes the user to a fraudulent site that has been constructed to fool the user. The fake site prominently displays a download button that saves a malicious file with stealer malware on the user’s Mac.
While Loom appears to be the main app being used to fool users, Moonlock Lab has found that Crazy Evil is attempting to spread its malware through several other apps. Moonlock Lab provided a chart below that shows which apps have been targeted.
Read more at Macworld.com