Malware Spotted Injecting Bing Results Into Google Searches
Saturday June 8, 2019. 03:30 AM , from Slashdot/Apple
A new strain of malware intercepts and tampers with internet traffic on infected Apple Macs to inject Bing results into users' Google search results. The Register reports: A report out this month by security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS computers to route the user's network connections through a local proxy server that modifies Google search results. In this latest case, it is claimed, the malware masquerades as an installer for an Adobe Flash plugin -- delivered perhaps by email or a drive-by download -- that the user is tricked into running. This bogus installer asks the victim for their macOS account username and password, which it can use to gain sufficient privileges to install a local web proxy and configure the system so that all web browser requests go through it. That proxy can meddle with unencrypted data as it flows in and out to and from the public internet.
A root security certificate is also added to the Mac's keychain, giving the proxy the ability to generate SSL/TLS certs on the fly for websites requested. This allows it to potentially intercept and tamper with encrypted HTTPS traffic. This man-in-the-middle eavesdropping works against HTTP websites, and any HTTPS sites that do not employ MITM countermeasures. When the user opens their browser and attempts to run a Google search on an infected Mac, the request is routed to the local proxy, which injects into the Google results page an HTML iframe containing fetched Bing results for the same query, weirdly enough. As for why, 'it's believed the Bing results bring in web ads that generate revenue for the malware's masterminds,' the report says.
Read more of this story at Slashdot.
Jan, Wed 22 - 14:52 CET