Security researchers at Cylance have uncovered a malware-spreading campaign that uses Google AdWords to pump out rogue code to macOS users.
The malefactors bought the AdWords top ranking for the search term "Google Chrome," which appeared to lead the user to www.google.com/chrome. In fact, it redirected them to googlechromelive.com, which hosted a fake download page for the popular browser.
"On the other hand, the malicious download link redirects macOS users through ttb.mysofteir.com, servextrx.com, and www.bundlesconceptssend.com then ultimately downloads a malicious file named FLVPlayer.dmg," the team said in a blog posting. "The malware hash changes on each download, making it difficult to detect and track. Windows users are ultimately redirected to admin.myfilessoft.com, which returns an error due to a DNS failure."
The malware, dubbed OSX/InstallMiez or OSX/InstallCore, pretends to open a file called FLV Player but actually loads a scareware program called Macpurifier. The scareware tells the user that they have viruses and need to download more files, which just add to the infection.
Google was informed about the scam on October 25 and pulled the AdWords advert immediately, and security vendors have been given signatures for the malware. But if you've been looking for Chrome on your Mac (what, Safari not good enough for you?) then running a scan would be a very smart move.
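Because the file hash changes on each download, a hash lookup is a weak way to find affected Macs; the hostnames in the redirect chain quoted above are something a defender can search for instead. The following Python is an added example, not code from Cylance or the original article: it triages web-proxy logs for clients that touched the chain and then fetched FLVPlayer.dmg. The log format, the sample lines, the 120-second window and the `.invalid` download hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hostnames named in the article's redirect chain.
CHAIN_HOSTS = {
    "googlechromelive.com",         # fake Chrome download page
    "ttb.mysofteir.com",
    "servextrx.com",
    "www.bundlesconceptssend.com",
    "admin.myfilessoft.com",        # Windows branch, fails DNS per the article
}
PAYLOAD_NAME = "flvplayer.dmg"      # compared case-insensitively
WINDOW_SECONDS = 120                # assumption: max gap between chain hit and download

# Constructed sample proxy log, oldest first: "<epoch> <client> <url>".
SAMPLE_LOG = """\
1477400000 10.0.0.5 http://googlechromelive.com/
1477400002 10.0.0.5 http://ttb.mysofteir.com/
1477400003 10.0.0.5 http://servextrx.com/
1477400004 10.0.0.5 http://www.bundlesconceptssend.com/
1477400009 10.0.0.5 http://cdn.example.invalid/FLVPlayer.dmg
1477400100 10.0.0.7 http://googlechromelive.com/
1477400500 10.0.0.9 http://media.example.invalid/FLVPlayer.dmg
1477400600 10.0.0.8 https://www.google.com/chrome
"""

def on_chain(host):
    # Match a listed host exactly or any subdomain of it.
    return any(host == h or host.endswith("." + h) for h in CHAIN_HOSTS)

def triage(log_text):
    """Return {client: verdict} for clients that touched the redirect chain."""
    last_chain_hit = {}   # client -> time of most recent chain-host request
    verdicts = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue      # skip malformed lines
        ts, client, url = int(parts[0]), parts[1], urlsplit(parts[2])
        host = (url.hostname or "").lower()
        if on_chain(host):
            last_chain_hit[client] = ts
            verdicts.setdefault(client, "visited-chain")
        elif url.path.lower().rsplit("/", 1)[-1] == PAYLOAD_NAME:
            # The file name alone is not enough; require a recent chain hit.
            seen = last_chain_hit.get(client)
            if seen is not None and ts - seen <= WINDOW_SECONDS:
                verdicts[client] = "payload-downloaded"
    return verdicts
```

Clients reported as `payload-downloaded` are the ones to scan first; `visited-chain` clients reached the fake page or a redirector without a logged download.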