Affects: CrowdStrike researchers tracked an adware campaign that injects ads into Chrome and Safari browsers on macOS. Victims are tricked into opening a DMG file and running a shell script that masquerades as a legitimate installer application. The shell script modifies browser settings to allow ads to display.
The Chrome version of the install script loads a malicious Chrome extension to monitor browser activity.
The campaign leverages a combination of AppleScript and Python to infect devices.
Prevented by: Jamf Protect tracks this adware campaign and threat prevention rules block its execution as of March 22, 2022.
IoCs (as published by CrowdStrike):
Malicious URLs (as published by CrowdStrike):
Online ads bombarding your Mac? Don’t let questionable ads get in the way of productivity.
Contact Jamf or your preferred reseller to roll out Jamf Protect and get your macOS fleet secured against security threats today.