The ad doesn’t actually deliver the malware, just directs people to a malicious download that mimics the Arc Browser. Users then have to follow onscreen instructions to install the malicious application in a non-standard way that allows it to bypass built-in protections in macOS to make it harder to install unsigned apps.
I’m curious how successful this campaign would be. It requires a lot of bad behavior by the victim to succeed. First, they’d have to decide to download a new web browser just from one banner ad, without doing any research on the browser; just click the link in the ad to go directly to the malicious download and install it directly from there. Second, they’d have to convince the user to right-click and select “Open” instead of simply double-clicking the installer or dragging it to the Applications folder like every other Mac application; otherwise the OS blocks it. I’m sure there are users dumb enough to do either step, but the subset of users dumb enough to do both steps and be on macOS and see this ad, I’m thinking they might only nab a few hundred victims tops, if that. I suspect this might be a proof of concept more than anything; probably most of the downloads were security researchers or potential customers testing it out. It sounds like the security researchers were following the malware seller, then found the ad, not the other way around. And of course, the ad has been taken down by Google now.
Like most other large advertising networks, Google Ads regularly serves malicious content that isn’t taken down until third parties have notified the company. Google Ads takes no responsibility for any damage that may result from these oversights. The company said in an email it removes malicious ads once it learns of them and suspends the advertiser and has done so in this case.
Earlier in the article they said Google had “vetted” the company that bought the ad. It seems their process sucks and this policy is a cop-out, and all of that just to net Google, what, a couple bucks on this short-lived fraudulent campaign?
Another consideration: changing email providers. Any email address using your custom domain can travel with you to other providers, where you can just set up another catch-all address. Aliases are specific to your email provider, so if you want to switch, you'd need to manually go to every site and update each login to a new alias.
And you can always get two domains--one for your more sensitive stuff, and a cheap generic one for the rest. A lot of domains are dirt cheap if you don't care what the TLD is.
Catch-alls are more easily traceable, yes, but depending on your privacy concerns vs convenience (and your fear of getting locked out of an account if your alias becomes unavailable, for example), it might be worth it for you.
I’ve worked for companies that used at least some Macs since 2013. Those Macs have always had antivirus software on them in addition to the base protection from the OS. I think the days of “Macs don’t get viruses” are long gone for anyone who pays attention, and was really probably never true.
Yes keep restating a PR ad from 2006, nearly TWENTY goddamn years ago. Are you aware Mac OS has changed significantly just like literally every other main OS?
Well, the company said it 18 years ago and it’s no longer true, they must be fucking liars
It's great for emails on account's where they know you, like banks and doctors offices. It also lets you make em up on the fly instead of using the site or app. I've never had spam issues, but it does make the email less anonymous. So it's a situational thing, but nice to just use [email protected] when at the dentist or whatever.
If this report is true, it would reflect poorly on Apple and Google more than Temu.
iOS does have protections in place that prevent an App from modifying its own executable code; the current argument about Emulators in the EU is showing that Apple is very strict when it comes to this sort of thing.
Even if the App was able to reconfigure itself to access data it does not have permission to access, it still needs to ask for permission.
I assume Google have similar protections in Android.
Yep, also Grizzly Research is a short seller, and this lawsuit was filed by an Arkansas attorney general. Arkansas makes really bad decisions like weakening child labor protection laws, don't trust anything that comes out of that state.
I use librewolf, and even with max privacy settings and anti-fingerprinting, it still said I had a semi-unique fingerprint. Turns out that the site wasn't built to handle the anti-fingerprinting system which will give false and randomized information about your computer to websites. So you're probably fine, but you can always use librewolf if you want more privacy
I posted a link to B&H photo and it found a couple
Visited on Jun. 27, 2024, 06:43 ET
Learn more
Blacklight Inspection Result
Blacklight works by visiting each website with a headless browser running custom software built by The Markup. To learn more, read our methodology.
3
Ad trackers found on this site.
This is less than half the average of seven that we found on popular sites
2
Third-party cookies found.
This is less than the average of three that we found on popular sites
Tracking that evades cookie blockers wasn't found.
Session recording services not found on this website.
We did not find this website capturing keystrokes.
Facebook Pixel not found on this website.
This site allows Google Analytics to follow you across the internet.
Some of the ad-tech companies this website interacted with:
The inspected website contacted some well known actors in the ad-tech industry. Not all of these loaded trackers, so they may be different from those listed in the tests section above. For more information on each company, what it does, and which of its domains Blacklight found during the inspection, click the arrow. Reading this can give you a better idea of how the ad-tech industry works.
Alphabet
See Something Worrying?
Tell us about it
Blacklight results should not be taken as the final word on potential privacy violations by a given website. Rather, they should be treated as an initial automated inspection that requires further investigation
Privacy
Hot
This magazine is not receiving updates (last activity 0 day(s) ago).