We have seen this before. Hijacked Google search results to direct users to malicious websites or installs. And now here we go again. This time with an attack that specifically targets millions of Apple users. Make sure you do not fall victim.
Per Apple Insider, sponsored Google ads are now “leading users on to faked Apple support pages that try to get the user to use the Terminal and install malware on Macs.”
The ads show when users search for “mac cleaner” in Google rather than using a legitimate app store to find a suitable option. As originally spotted by MacKeeper, the search results “lead users to landing pages with a design similar to Apple’s official website, but these pages contain harmful instructions for Mac users.”
Users are instructed to take actions to clean up their Mac’s storage. “In reality,” MacKeeper says, “users are redirected to the macros/scripts pages with Apple’s official website design and suspicious instructions on how to check their storage or free up disk space on Mac. Also, there are many non-clickable links like Apple’s official website.”
Just like the ClickFix attacks, this malicious trickery is all about running commands that almost all users would never think to do in normal circumstances. Opening Terminal on your Mac and running commands based on a Google search is beyond dangerous.
As MacKeeper explains, the commands you type into your Mac actually “pretend to ‘clean macOS storage,’ pretend to ‘install packages,’ secretly downloads a script from website, and then execute it with full user permissions.”
Apple Insider warns that “it’s like electing to open the door to malware, as just a few commands can then give hackers access to the Mac.” And the advice is the same as with ClickFix attacks. Never copy, paste and run any commands on any device.
