Digging further into the ad shows that it was purchased by an entity called Coles & Co, an advertiser identity Google claims to have verified.
The reason for this is to bypass a macOS security mechanism that prevents apps from being installed unless they’re digitally signed by a developer Apple has vetted.
The address happens to host the control panel for Poseidon, the name of a stealer actively sold in criminal markets.
The discovery comes a month after Malwarebytes identified a separate batch of Google ads pushing a fake version of Arc for Windows.
Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company.
They should also be wary of any instructions that direct Mac users to install apps through the right-click method mentioned earlier.
The original article contains 534 words, the summary contains 138 words. Saved 74%. I’m a bot and I’m open source!