‘Harmful’ Google ads masquerading as how-tos are tricking Mac users – Macworld

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Clario, the developers behind the MacKeeper utility, recently warned about a deceptive ad that appears on Google when users search for terms related to Mac storage. The ad takes users to a suspicious site with instructions that contain “harmful content for Mac users.”
The ads, according to Clario, appear when searching for “Mac cleaner,” “Clear cache macos” and similar terms. The ads display a Google Docs URL (docs.google.com) or a Medium URL (profile-apple.medium.com), which may not seem suspicious to the user. However, the users are redirected to sites designed to look like Apple.com support pages but contain “suspicious instructions.”
The instructions direct users to the Mac’s Terminal and to enter a command posted on the site. The command runs a script that installs software on the Mac without the user being aware of it. The software can then be used remotely to access the computer.
While many Mac users know to never run Terminal commands unless they’re absolutely certain what they will do, desperate users who need to quickly free up space or fix a slow machine could be susceptible to unscrupulous instructions. And once they start typing commands into Terminal, there’s no telling how much information a hacker can access.
What’s more, Clario’s investigation found that the sources of these ads appear to be legitimate but have had their accounts hacked. The suspicious ads were reported to Google, though we still saw the malicious ads when searching for “How to clear storage space on macbook air,” so be careful out there.
The malicious Google ads are still active as of this writing.
Foundry
We all depend on search engines to find information we need, but they can’t be relied upon to weed out malicious sites and bad links. It’s up to the user to check the URLs of the sites in the results. Look at the URL listed, and before clicking on a link, hover the pointer over it and look at the URL that’s displayed in the lower left of the browser window. And when you do click the link, watch the URL in the box at the top of the window. If you get redirected, you may be able to see it happen. Also, check that the website you end up on is the same as the URL that was in the search engine.
Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from an entity that you do business with, check the sender’s email address and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link Address, and then paste it into a text editor to see the actual URL to check it there.
Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
Roman is a Macworld Senior Editor with over 30 years of experience covering the tech industry, focusing on the Mac and other products in the Apple ecosystem. He is also the host of the Macworld Podcast. His career started at MacUser, where he received Apple certification as a repair technician (when Apple did that kind of thing). He’s also worked for MacAddict, MacLife, and TechTV.
Macworld Sweden
Macwelt Germany
Subscribe to the Macworld Digital Magazine
Manage Subscription
Newsletter
Follow us on WhatsApp

source