this post was submitted on 27 Jun 2024
368 points (98.7% liked)

Technology

55610 readers
2873 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
368
Mac users served info-stealer malware through Google ads | Full-service Poseidon info stealer pushed by "advertiser identity verified by Google." (arstechnica.com)
submitted 2 days ago by ForgottenFlux to c/technology
37 comments fedilink hide all child comments
 

Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely used ad platform has been abused to infect web surfers.

Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.

People who want to install software advertised online should seek out the official download site rather than relying on the site linked in the ad. They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier. The Malwarebytes post provides indicators of compromise people can use to determine if they’ve been targeted.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 64 points 2 days ago (6 children)

all the more reason to use an adblocker... and a script blocker if you don't mind the extra clicks to get a whitelist going or to temporarily allow them somewhere.

[–] ShittyBeatlesFCPres 10 points 2 days ago (2 children)

Are there shared whitelists? It seems like something that isn’t really practical without them. I’m a web developer who has never served one ad but the front-end tools now basically export all JavaScript. You’d probably just get a blank page on any site made recently that’s more complex than a portfolio/resume page.

[–] [email protected] 5 points 2 days ago (1 children)

Larger sites cater towards scriptless web for accessibility requirements.
Smaller sites don't need SPA, so will most likely work to some degree.
The better (not necessarily bigger) blog systems will use scripting for fancy things, but will have fallbacks and will still work.

It's the middle tier web-app (and sites that want to be a web app but have no reason to be) that will run SPA without any fallback. You know, the ones that want to send notifications and know your location and all that fun stuff.

[–] TrickDacy 4 points 2 days ago

The person you're explaining websites to is a web developer and they are correct. There being a ton of websites needlessly dependent on JavaScript is well known and long lived.

load more comments (3 replies)