- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Mac users: Macs don’t get viruses because reasons
Me: points to this article
As a Mac user (among other things) I don’t get this type of virus because adblock. Also, fuck the CDN-style throw whatever at users and see what pays.
I’ve worked for companies that used at least some Macs since 2013. Those Macs have always had antivirus software on them in addition to the base protection from the OS. I think the days of “Macs don’t get viruses” are long gone for anyone who pays attention, and was really probably never true.
Yes keep restating a PR ad from 2006, nearly TWENTY goddamn years ago. Are you aware Mac OS has changed significantly just like literally every other main OS?
Well, the company said it 18 years ago and it’s no longer true, they must be fucking liars
Even though I don’t use Macs, this shows how important it is to block ads. They are not just “inconvenient”, they are dangerous.
The ad doesn’t actually deliver the malware, just directs people to a malicious download that mimics the Arc Browser. Users then have to follow onscreen instructions to install the malicious application in a non-standard way that allows it to bypass built-in protections in macOS to make it harder to install unsigned apps.
I’m curious how successful this campaign would be. It requires a lot of bad behavior by the victim to succeed. First, they’d have to decide to download a new web browser just from one banner ad, without doing any research on the browser; just click the link in the ad to go directly to the malicious download and install it directly from there. Second, they’d have to convince the user to right-click and select “Open” instead of simply double-clicking the installer or dragging it to the Applications folder like every other Mac application; otherwise the OS blocks it. I’m sure there are users dumb enough to do either step, but the subset of users dumb enough to do both steps and be on macOS and see this ad, I’m thinking they might only nab a few hundred victims tops, if that. I suspect this might be a proof of concept more than anything; probably most of the downloads were security researchers or potential customers testing it out. It sounds like the security researchers were following the malware seller, then found the ad, not the other way around. And of course, the ad has been taken down by Google now.
Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.
Earlier in the article they said Google had “vetted” the company that bought the ad. It seems their process sucks and this policy is a cop-out, and all of that just to net Google, what, a couple bucks on this short-lived fraudulent campaign?