Apple Mac owners may have been targeted for infection in recent weeks by false ads at the very top of their Google search results. This happened after attackers successfully launched a malvertising campaign against Google AdWords. In a cheeky move, the attackers' lure of choice was a false ad for Google's very own Google Chrome. Cylance security researcher Jeffrey Tang first spotted this while he was looking for a Chrome downloader for his girlfriend. He did not believe that anyone would have the guts to do that to Google's own page.
A similar incident was discovered last year by Malwarebytes, in which the malvertisers legitimately paid for popular keywords so that their ads would appear at the top of the search results. Last year the keyword was “youtube”; this time around it is “google chrome”. Tang clicked on the ad, which he knows was “mindless”, but the ad itself was showing the URL www.google.com/chrome. Tang then described in his blog that “clicking on the ad takes a user to www(dot)entrack(dot)space and then redirects the user to googlechromelive(dot)com – a page offering a free download of Google Chrome.”
The “Chrome” download link took Windows users to a page that shows an error message, but Mac users were directed to various domains and in the end infected with a malicious installer for OS X: OSX/InstallMiez, which is also known as OSX/InstallCore. Tang says he believes that the attackers were mere middlemen who were paid per install of the malware. He believes that the Windows version might not be up yet, which would be the reason Windows users are not infected yet. In the end he says it absolutely blows his mind that even in 2016 this kind of mischievous behavior is still allowed.