Security researchers warn of a new Google malware scam that could infect your Mac

If there’s one thing computer users can always count on, it’s that hackers will always try to find ways to get into your devices. And according to a report from security specialists Spamhaus and abuse.ch (via Ars Technica), hackers have become more aggressive with attempts to spread malware through Google searches for Mac software.
Essentially, hackers run ads that appear when users search Google for software. The ads appear at the top of the search results and seem to offer what the user is looking for. The user clicks on the ad and lands on a spoofed software download page. When the user clicks to download, malware is downloaded to the computer. The most common malware is known as XLoader, which is available for both Windows and macOS. XLoader has previously been used to record keystrokes and steal personal data from infected machines.
Spamhaus has seen an increase in “malvertising” in recent weeks involving several popular apps such as Mozilla Thunderbird and Microsoft Teams. In the report, abuse.ch states that “there is a high demand” for the nefarious ads, so they are likely to become even more common. In its own research using a Mac, Ars Technica easily found malvertising in simple Google searches for common software downloads like “visual studio download” and “Tor download”.
Google is aware of the practice and is working on a fix for the issue. However, it is still very widespread, as noted in a statement to Ars Technica: “We are aware of the recent increase in fraudulent advertising activity. Addressing them is a critical priority and we are working to resolve these incidents as quickly as possible.”
Avoid malware
Even if Google fixes the problem in the near future, hackers will find a new way to spread malware to your Mac. That means it’s up to users to protect themselves.
The safest way to get Mac software is through Apple’s App Store. According to the company, safety is the App Store’s primary purpose. (The truth is, it’s all about the money, but both things could be true.) Apple verifies that every app in its store is safe to download. Most of the popular apps from major software developers are available, and there’s also a great selection from indie developers.
If the app you need isn’t on the App Store (or you want the developer to receive as much of the purchase price as possible, rather than Apple taking its share), then you’ll have to turn to the web. Your best option when downloading software is to go directly to the developer’s website. They should provide safe methods to get the software you need.
As much as possible, avoid websites that specialize in software downloads, as hackers constantly attack these sites. If you don’t have any alternatives, you can use a site like VirusTotal to check files and URLs for malware.
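The advice to download only from the developer’s own website can be checked mechanically before a file is fetched. The Python sketch below is an added example, not part of the original article; the allowlisted domains and the sample URLs in the comments are assumptions constructed for illustration and should be verified against each vendor.

```python
from urllib.parse import urlsplit

# Assumed allowlist (not from the article): official download domains for the
# apps the article names. Confirm each one with the vendor before relying on it.
OFFICIAL_DOMAINS = {
    "Mozilla Thunderbird": {"thunderbird.net", "mozilla.org"},
    "Microsoft Teams": {"microsoft.com"},
    "Visual Studio": {"microsoft.com"},
    "Tor Browser": {"torproject.org"},
}


def download_host(url):
    """Return the host a browser would actually contact, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return None
    # Require HTTPS; a plain-HTTP download page is rejected outright.
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix, so "https://microsoft.com@bad.example/"
    # resolves to "bad.example" here, which is what the browser connects to.
    return parts.hostname.rstrip(".").lower()


def is_official(app, url):
    """True only if the URL's host is an allowlisted domain or a subdomain of one."""
    host = download_host(url)
    if host is None:
        return False
    # Match on a label boundary: "www.microsoft.com" passes, while
    # "www.microsoft.com.teams-setup.example" and "notmicrosoft.com" do not.
    return any(host == d or host.endswith("." + d)
               for d in OFFICIAL_DOMAINS.get(app, ()))


if __name__ == "__main__":
    # Constructed sample URLs; the ".example" hosts stand in for spoofed pages.
    samples = [
        ("Mozilla Thunderbird", "https://www.thunderbird.net/en-US/download/"),
        ("Microsoft Teams", "https://www.microsoft.com.teams-setup.example/download"),
        ("Microsoft Teams", "https://microsoft.com@teams-setup.example/download"),
        ("Tor Browser", "http://www.torproject.org/download/"),
    ]
    for app, url in samples:
        print("OK  " if is_official(app, url) else "BLOCK", app, url)
```
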
The setting in macOS Ventura to only allow App Store downloads.
If you want to restrict a Mac to only allow app installation from the App Store, you can set this up in macOS. In the Privacy & Security system setting in macOS Ventura (or the Security & Privacy system preference in macOS Monterey and older), you will see an “Allow applications downloaded from” setting, where you can select App Store.
You can go even further in protecting yourself by installing antivirus software. Macworld has a list of antivirus apps to help you find an app. We also have a guide if you’re wondering if your Mac needs antivirus software at all.