MacPaw’s Moonlock Lab issued a report on Thursday about a new Mac malware threat that spreads through Google-sponsored ads. The malware poses as the Mac screen recording app Loom and several other apps.
Moonlock Lab believes that this malware campaign is run by a group dubbed Crazy Evil. When searching for Loom on Google, sponsored ads appear that look legitimate, even displaying the legitimate URL for the app at the top of the ad. But the actual URL for the app’s link is a “near-perfect replica” and takes the user to a fraudulent site that has been constructed to fool the user. The fake site prominently displays a download button that saves a malicious file with stealer malware on the user’s Mac.
While Loom appears to be the main app being used to fool users, Moonlock Lab has found that Crazy Evil is attempting to spread its malware through several other apps. Moonlock Lab provided a chart below that shows which apps have been targeted.
One of the main aspects of this malware attack is that when executed, the malware looks for Ledger Live, a crypto wallet. The malware replaces it with a clone that gives the attackers access to the user’s cryptocurrency.
How to protect yourself from malware
The easiest way to avoid malware is to use only legitimately acquired apps from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer.
If you need to use search to find an app, always check the link before clicking on it. In Safari, you can turn on the Status Bar that appears at the bottom of every page, hover the cursor over a link, and then read the URL and check it before clicking on it. Google often adds its referral URL before every link in its search results, so you need to read the URL completely. You can also copy the URL and paste it into a text editor to check it before clicking on it.
Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
Apple has protections in place within macOS and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.
