{"id":25217,"date":"2025-10-22T10:06:07","date_gmt":"2025-10-22T10:06:07","guid":{"rendered":"https:\/\/www.europesays.com\/ro\/25217\/"},"modified":"2025-10-22T10:06:07","modified_gmt":"2025-10-22T10:06:07","slug":"google-ads-poate-fi-folosit-pentru-a-ascunde-malware","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ro\/25217\/","title":{"rendered":"Google Ads poate fi folosit pentru a ascunde malware"},"content":{"rendered":"<p>O campanie sofisticat\u0103 de atacuri informatice vizeaz\u0103 utilizatorii de macOS, prin intermediul reclamelor Google Ads care promoveaz\u0103 site-uri false ce imit\u0103 platforme populare.<\/p>\n<p>Exper\u021bi ai securit\u0103\u021bii cibernetice au descoperit \u0219i identificat care cloneaz\u0103 branduri cunsocute de site-uri, iar reclamele Google respective trimit utilizatorii c\u0103tre comenzi terminal care instaleaz\u0103 malware precum AMOS (Atomic macOS Stealer) \u015fi Odyssey Stealer. Atacatorii folosesc metoda denumit\u0103 \u201eClickFix\u201d, \u00een care apar reclame pl\u0103tite Google Ads ce par legitime, cu URL-uri afi\u015fate corecte (ex: brew.sh pentru Homebrew), dar care redirec\u0163ioneaz\u0103 c\u0103tre domenii falsificate (ex: brewe[.]sh). Pe aceste site-uri false, utilizatorii sunt \u00eendruma\u0163i s\u0103 execute comenzi \u00een Terminal sau shell, scopul fiind instalarea malware-ului. \u00cen unele cazuri, tema este camuflat\u0103 ca o verificare de securitate pentru TradingView sau un update Homebrew.<\/p>\n<p>Odat\u0103 executat\u0103, comanda descarc\u0103 un fi\u015fier \u201einstall.sh\u201d, elimin\u0103 flag-urile care pot ridica suspiciuni, ocole\u015fte sistemele de verificare (ex: Gatekeeper pe macOS), verific\u0103 dac\u0103 sistemul ruleaz\u0103 \u00eentr-o ma\u015fin\u0103 virtual\u0103 sau mediu de analiz\u0103, dup\u0103 care instaleaz\u0103 infostealer-ul. Acesta colecteaz\u0103 informa\u0163ii sensibile precum date de hardware \u015fi memorie, cookies din browsere (Chrome, Safari, Firefox), extensii pentru portofele cry2pto, date din Keychain \u015fi fi\u015fiere personale, \u015fi trimite toate aceste informa\u0163ii c\u0103tre servere de control externe.<\/p>\n<p>Speciali\u0219tii \u00een securitate avertizeaz\u0103 c\u0103 atacul vizeaz\u0103 \u00een special dezvoltatorii macOS, dar \u0219i utilizatorii obi\u0219nui\u021bi pot fi afecta\u021bi. Recomandarea principal\u0103 este ca aplica\u021biile s\u0103 fie desc\u0103rcate doar de pe site-urile oficiale, evit\u00e2nd linkurile din reclame, \u0219i ca solu\u021biile de securitate s\u0103 fie men\u021binute permanent actualizate.<\/p>\n","protected":false},"excerpt":{"rendered":"O campanie sofisticat\u0103 de atacuri informatice vizeaz\u0103 utilizatorii de macOS, prin intermediul reclamelor Google Ads care promoveaz\u0103 site-uri&hellip;\n","protected":false},"author":2,"featured_media":25218,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[11682,11683,11684,41,40,38,39,141,124],"class_list":{"0":"post-25217","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tehnologie","8":"tag-google-ads","9":"tag-mac","10":"tag-malware","11":"tag-ro","12":"tag-romana","13":"tag-romania","14":"tag-romanian","15":"tag-technology","16":"tag-tehnologie"},"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts\/25217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/comments?post=25217"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts\/25217\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/media\/25218"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/media?parent=25217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/categories?post=25217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/tags?post=25217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}