Mastodawn

Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

Note: Google allows the ad sponsors to specify an URL that will be displayed on the ad (original brew.sh here), but the click takes you to the malware domain brewe.sh.

#Apple #HomeBrew #Google #MacOS

Ryan Chenkie (@ryanchenkie) on X

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

X (formerly Twitter)

Show thread

NKTSecurity Jan 20

@kravietz the life of a modern hack, eh? The Google dev on twitter will likely fix it now.
But yes, a modern hack ~45 minutes from first report to solution/mitigation, but who knows how many devs had their boxes compromised by that malware cURL? And hopefully Google'll fix it properly and permanently this time.

Show thread

Tech Support

@Dss @kravietz They won't fix it, they'll take down this single ad campaign.
This issue has existed for years, a number of times I've gotten sponsored ads that purported to by from Google's own product, youtube, include a link indicating www.youtube.com that actually redirected to malware. They do not care, they make money on these malware campaigns, and when someone reports them and they're taken down, they do not refund the originators funds, so it becomes doubly profitable.

Show thread

NKTSecurity Jan 30

@TechSupport @kravietz Yeah, that was my take too.
"It's very hard to make a man see that something is wrong if his salary depends on it being right" or whatever that quote is.