Date: 2024-08-01

Moonlock Lab reports that it has uncovered macOS malware being spread through Google sponsored URLs, posing as popular apps such as Loom, Figma, Calendly, and Tunnelblick (VPN).

These ads look legitimate but redirect users to fake sites that are near-perfect replicas of the official ones, prompting users to download malicious files. Moonlock Lab says the attackers, possibly the Crazy Evil group, use multiple redirects to evade detection by automated systems.

Additionally, Moonlock Lab discovered the recruitment of cybercriminals via darknet advertisements and identified an IP address linked to a governmental entity, likely leveraged for malicious purposes.

Moonlock Lab says that you should always pay close attention to URLs when downloading files, even if they come from Google Ads or top search results. Additionally, it’s good practice to scan your devices with anti-malware tools like CleanMyMac X with the Moonlock Engine to ensure that no malicious software is present.

