Security researchers warn of a new Google malware scam that could infect your Mac

If there’s one thing that computer users can always count on, it’s that hackers will always try to find ways to intrude upon your devices. And according to a report by security specialists Spamhaus and abuse.ch (via Ars Technica), hackers have become more aggressive with attempts to spread malware through Google searches for Mac software.

Essentially, hackers are running ads that appear when using Google to search for software. The Google ads appear at the top of the search results and seem to provide what the user is looking for. Then the user clicks the ad and goes to a spoofed software download page, and when the user clicks to download, malware is saved to the computer. The most common malware is known as XLoader, which is available for both Windows and macOS. XLoader has previously been used to record keystrokes and steal personal data on infected machines.

Spamhaus has seen an increase in “malvertisting” over the past few weeks with several popular apps such as Mozilla Thunderbird and Microsoft Teams. In the report, abuse.ch states that “there is a great deal of demand” for the nefarious ads, so they will likely become even more commonplace. In its own investigation using a Mac, Ars Technica easily found malvertising in simple Google searches for common software downloads such as “visual studio download” and “Tor download”.

Google is aware of the practice and is working to fix the issue. However, it is still extremely widespread as noted by a statement sent to Ars Technica: “We are aware of the recent uptick in fraudulent ad activity. Addressing it is a critical priority and we are working to resolve these incidents as quickly as possible.”

How to avoid malware

Even if Google fixes the problem in the immediate future, hackers will find a new way to spread malware to your Mac. That means it’s up to users to protect themselves.

The safest way to get Mac software is through Apple’s App Store–it’s what the company says is why the App Store exists in the first place. (The truth is it’s all about the money, but the two things can both be true.) Apple verifies that each app in its store is safe to download. Most of the popular apps from large software developers are available, and there’s a great selection from indy devs, too.

If the app you need isn’t in the App Store (or you want developers to get as much of the paid fee as possible and don’t want Apple to get its cut), then you have to turn to the internet. Your best option when downloading software is to go directly to the developer’s website. They should offer secure methods to acquire the software you need.

Try to avoid websites that specialize in software downloads as much as possible because hackers constantly target these sites. If you have no alternatives, you can use a site such as VirusTotal to check files and URLs for malware.

The setting in macOS Ventura for allowing only App Store downloads.
Foundry

If you want to restrict a Mac to only allow app installation from the App Store, you can set this in macOS. In the Privacy & Security system setting in macOS Ventura (or the Security & Privacy system preference in macOS Monterey and older), you’ll see a setting to “Allow applications download from” and you can select App Store.

You can go even further in protecting yourself by installing antivirus software. Macworld has a roundup of antivirus apps to help you find an app. We also have a guide if you’re wondering if your Mac needs antivirus software in the first place as well as details of How secure a Mac really is.

Antivirus, MacOS, Security