Summary: Hackers are exploiting Google ads to distribute malware through a counterfeit Homebrew website, targeting Mac and Linux users with an infostealer known as AmosStealer. This malware is designed to extract sensitive information, including credentials and cryptocurrency wallets. Security experts warn users to be cautious of sponsored ads and to verify the legitimacy of websites before downloading software.
Threat Actor: Cybercriminals | cybercriminals
Victim: Homebrew users | Homebrew
Keypoints :
- Malicious Google ads redirected users to a fake Homebrew site, brewe.sh, instead of the legitimate brew.sh.
- The malware, AmosStealer, is sold as a subscription and targets over 50 cryptocurrency extensions and browser data.
- Homebrew’s project leader criticized Google for failing to prevent such scams and urged users to verify links before downloading.