Fake Homebrew site leverages Google ads to target macOS, Linux devices
Bad actors are using a fake Homebrew site on a Google ads page to distribute infostealer malware that’s targeting macOS and Linux devices.
This new Google ads campaign was first discovered by security researcher Ryan Chenkie, who warned security pros about the infostealer on X on Jan. 18.
Another security researcher, JAMESWT, posted on X that the malware dropped in the new Google ads campaign is the Amos infostealer that targets data stored on web browsers, desktop wallets, and cryptocurrency extensions.
Here’s how the campaign works: A malicious Google ad displays the legitimate Homebrew URL, but the ad redirects them to a fake Homebrew page that’s hosted as “brewe.sh” — tricking even the most careful users with the extra “e” letter.
What’s interesting here is that more technical people tend to use Homebrew, a popular open-source platform that lets macOS and Linux users install, update, and manage software.
