Expert Insight On New macOS Malware Spreading Through Google Search Results

It has been reported that cyber security company Intego has discovered new malware that disguises itself as a Flash Player. What is most concerning is that it is being distributed via webpages that appear in Google’s search results. Intego has discovered a new Trojan that is specifically designed to circumvent macOS Catalina’s security measures. A Trojan is a type of malware that pretends to be legitimate software, in this case a Flash Player, and is then installed by the user on their own. This particular Trojan is able to bypass these security restrictions because it launches an installation guide that guides the user through the steps necessary to install it. This newly discovered Trojan is particularly dangerous because it can be found via Google’s search results pages. If, for example, a web users searches for a title of a YouTube video on Google the results that appear can lead the user to a message suggesting that they have an outdated Flash Player and indicating that they can download the current version via a download button. The Trojan is hidden in this file.

Tim Mackey, Principal Security Strategist,  Synopsys CyRC
June 23, 2020
Once the malicious software is installed, it can typically perform whatever tasks the user who installed it is permitted to do.
The attack outlined here is essentially a “drive-by” where the attacker is attempting to pollute legitimate documents, in this case search results for popular topics, with their malware. Another example of this type of attack is the serving of adverts with embedded malware. In both situations, the attacker hopes their victim will follow their prompts and install the malicious software. Once th ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article