On Thursday, MacPaw’s Moonlock Lab published a report on a new Mac malware threat that is spreading via Google-sponsored ads. The malware masquerades as the Mac screen recording app Loom and several other apps.
Moonlock Lab believes this malware campaign is being carried out by a group dubbed Crazy Evil. When a user searches for Loom on Google, the sponsored ads appear legitimate, even displaying the app’s legitimate URL at the top of the ad. But the actual URL behind the ad link is a “near-perfect replica” and directs the user to a fraudulent site that was built to trick them. The fake site prominently displays a download button that saves a malicious file containing stealer malware to the user’s Mac.
While Loom appears to be the primary application used to trick users, Moonlock Lab discovered that Crazy Evil was attempting to distribute its malware through several other applications. Moonlock Lab has provided a table below that shows which applications were targeted.
One of the key aspects of this malware attack is that when it is executed, the malware searches for Ledger Live, a cryptocurrency wallet. The malware replaces it with a clone that gives the attackers access to the user’s cryptocurrency.
How to protect yourself from malware
The easiest way to avoid malware is to only use apps that are legally acquired from trusted sources, such as the App Store (which performs security checks on its software) or directly from the developer.
If you must use search to find an app, always double-check the link before clicking on it. In Safari, you can turn on the status bar that appears at the bottom of every page, hover over a link, then read the URL and double-check it before clicking. Google often adds its referring URL before each link in its search results, so you should read the entire URL. You can also copy the URL and paste it into a text editor to double-check it before clicking on it.
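The same check can be done on a copied link in code. The sketch below is an added example, not part of the original article or the Moonlock Lab report: it peels off Google's referring URL, then compares the real host with the developer's domain. The wrapper hosts and parameter names, the use of loom.com as the official domain, and the `.example` sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions: hosts and query parameters Google uses to wrap the real target.
WRAPPER_HOSTS = {"www.google.com", "www.googleadservices.com"}
TARGET_PARAMS = ("adurl", "q", "url")


def unwrap(link: str, max_hops: int = 5) -> str:
    """Peel referring/redirect wrappers off a link without any network access."""
    for _ in range(max_hops):
        parts = urlsplit(link)
        if (parts.hostname or "").lower() not in WRAPPER_HOSTS:
            break
        query = parse_qs(parts.query)  # also percent-decodes the values
        target = next((query[p][0] for p in TARGET_PARAMS if p in query), None)
        if not target or not target.startswith(("http://", "https://")):
            break
        link = target
    return link


def verdict(link: str, official_domain: str) -> str:
    """Compare the link's real host with the developer's domain."""
    dest = urlsplit(unwrap(link))
    host = (dest.hostname or "").lower().rstrip(".")
    official = official_domain.lower()
    if dest.scheme != "https":
        return f"reject: {host or 'no host'} is not served over https"
    if host == official or host.endswith("." + official):
        return f"ok: {host}"
    # The official name inside a longer host, or before an "@", proves nothing.
    if official in host or official in (dest.username or "").lower():
        return f"reject: real host is {host}, {official} only appears as decoration"
    return f"reject: {host} is a different site"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.google.com/url?q=https%3A%2F%2Fwww.loom.com%2Fdownload&sa=U",
    "https://www.googleadservices.com/pagead/aclk?sa=L&adurl=https%3A%2F%2Floom.com.get-app.example%2Fdl",
    "https://www.loom.com@downloads.example/Loom.dmg",
    "https://lo0m-app.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample, "loom.com"))  # assumed official domain
```

Only an exact match on the developer's domain, or a subdomain of it, passes; a host that merely contains the familiar name is rejected.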
igamesnews has several guides to help you, including a guide on whether or not you need antivirus software, a list of viruses, malware, and Trojans for Mac, and a comparison of Mac security software.
Apple has built protections into macOS, and the company releases security fixes through operating system updates, so it’s important to install them as soon as they’re available. If Apple pulls an update, the company will re-release it as soon as it’s been properly revised with fixes.