Cybercriminals Target Mac Users Again Through Fake Homebrew Ads
JAKARTA - Hackers are reviving old attack techniques to target Mac users. They use malware disguised as the popular Homebrew tool and spread it through fraudulent Google ads. The campaign targets macOS and Linux users with infostealers that can steal credentials, browser data, and cryptocurrency wallets.
Homebrew is an open-source package manager that is widely used to manage software from the command line. Unfortunately, its popularity is now being exploited by cybercriminals. They create fake Google ads that appear legitimate and display Homebrew's real URL, "brew.sh." However, when users click on the ad, they are redirected to a fake site at "brewe.sh."
This fake site imitates the Homebrew installation process and tricks visitors into running malicious commands. If the command is run, the malware known as AmosStealer, or "Atomic Stealer," is downloaded and executed.
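The ad's displayed domain (brew.sh) and the site it actually leads to (brewe.sh) differ by a single character, which is something a defender can check for in proxy or DNS logs. The following is an added example, not part of the original article; the log format, host names, and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"brew.sh"}  # the legitimate Homebrew domain named in the article

# Constructed proxy-log lines (timestamp, source, URL); not real telemetry.
SAMPLE_LOG = """\
2025-01-01T09:14:02Z host-a https://brew.sh/
2025-01-01T09:14:40Z host-b https://brewe.sh/
2025-01-01T09:15:10Z host-c https://docs.brew.sh/Installation
2025-01-01T09:16:31Z host-d https://example.org/brew.sh
"""

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, max_distance=1):
    """Return 'trusted', 'lookalike' (near miss of a trusted domain) or 'other'."""
    # Simplification: treat the last two labels as the registrable domain.
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    near = any(edit_distance(domain, good) <= max_distance for good in TRUSTED)
    return "lookalike" if near else "other"

def find_lookalikes(log_text):
    """Return (source, host) for each log line whose host imitates a trusted domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        host = urlsplit(parts[2]).hostname if len(parts) == 3 else None
        if host and classify(host) == "lookalike":
            hits.append((parts[1], host))
    return hits

if __name__ == "__main__":
    for source, host in find_lookalikes(SAMPLE_LOG):
        print(f"{source} requested lookalike domain {host}")
```

Only the hostname is compared, so a trusted name appearing in a URL path (the last sample line) is not treated as trusted or as a lookalike.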
AmosStealer is an infostealer that focuses on macOS and is sold to cybercriminals for $1,000 (Rp. 16.2 million) per month. This malware is capable of stealing data from more than 50 cryptocurrency wallets, browser data, and desktop apps. Previously, this malware was also used in similar campaigns, including on fake Google Meet pages, making it a flagship tool for attacking Apple users.
Mike McQuaid, the project leader of Homebrew, voiced his frustration at Google's inability to prevent this kind of scam. Although the malicious advertisement has been removed, McQuaid stressed that similar incidents continue to occur due to a lack of supervision of sponsored advertising.
Google faces a huge challenge in keeping malicious ads from being approved. With billions of ads being processed every day, Google relies heavily on automation, but this alone isn't enough. The large scale of operations and lack of human scrutiny allow some malicious campaigns to escape detection.
To avoid attacks like this, here are the steps that can be taken:
Google has removed this malicious ad, but history shows that similar threats are not completely gone. Mac users, especially those using Homebrew, should remain vigilant to protect their data.