Hello gang,
I had never heard of Homebrew before I read this article, although it is possible it has been brought up in other areas I was listening to without my knowing what it was.
This is where checking your domains is very important, because the JRN’s Jared Rimer read this article and looked at the spelling of the domain mentioned in it.
When you search for Homebrew for Linux and Mac, you’ll find the web site, and its TLD is one I’ve seen on a few sites. Can anyone tell me what that TLD is?
If you have guessed, even if you’ve not submitted your guess to me, the answer is .sh.
.sh is the Internet country code top-level domain for the British Overseas Territory of Saint Helena, Ascension and Tristan da Cunha, although it is primarily used in Saint Helena (Ascension Island has its own ccTLD, .ac). Registrations of internationalized domain names are also accepted.
According to Wikipedia, people in these areas don’t have pages related to their area; instead, in some cases it’s used as a redirector, but in Homebrew’s case they use it because of Linux and the shell commands it offers.
The JRN did look up the correct Homebrew page, and this link will take you there. Its page is located at brew.sh, and they have subdomains for their branches, similar to how the JRN is operated.
The bad page, which the JRN did look at to see where it went, was blocked by Firefox’s Google Safe Browsing system. The bad domain has an extra E (echo) at the end, so it is brewe.sh, not brew.sh (b r e w e, not b r e w).
This is why it is so important for people to make sure they go to the trusted web site they intend to visit and not rely on search results alone.
In our links section, we will make sure that Homebrew is listed here on the blog, because people may find it of value.
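A small check of the kind described above, written here as an added example (it is not code from this blog or from the Homebrew project): given a URL, it extracts the hostname, treats a short constructed list of trusted domains and their subdomains as safe, and flags a host that is one letter away from a trusted name (brewe.sh against brew.sh) as a lookalike rather than letting it pass as unknown.

```python
# Added example: flag lookalike hostnames such as brewe.sh (one extra letter)
# against a short list of trusted domains. The trusted list and the sample
# URLs below are constructed for this example.
from urllib.parse import urlsplit

# Constructed allow-list; brew.sh is the real Homebrew site named in the post.
TRUSTED_HOSTS = {"brew.sh", "github.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL, without scheme, port or path."""
    if "://" not in url:
        url = "https://" + url          # urlsplit needs a scheme to find the host
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def classify_url(url: str, trusted=TRUSTED_HOSTS, max_edits: int = 1) -> str:
    """Return 'trusted', 'lookalike:<trusted host>' or 'unknown' for a URL.

    A trusted host or any subdomain of one (docs.brew.sh) is 'trusted'.
    A host within max_edits single-character changes of a trusted host is a
    lookalike, which catches the extra-letter trick (brewe.sh vs brew.sh).
    """
    host = hostname_of(url)
    if host in trusted or any(host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        if edit_distance(host, good) <= max_edits:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://brew.sh/", "https://brewe.sh/install", "https://example.org"):
        print(u, "->", classify_url(u))
```

The check is deliberately conservative: anything not on the list and not a near miss is reported as unknown, so it complements rather than replaces a bookmark to the official page.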
Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets.
The malware used in this campaign is AmosStealer (aka ‘Atomic’), an infostealer designed for macOS systems and sold to cyber criminals as a subscription of $1,000/month.
Homebrew is a popular open-source package manager for macOS and Linux, allowing users to install, update, and manage software from the command line.
A malicious Google advertisement displayed the correct Homebrew URL, “brew.sh,” tricking even familiar users into clicking it. However, the ad redirected them to a fake Homebrew site hosted at “brewe.sh” instead.
Malvertisers have extensively used this URL technique to trick users into clicking on what seems to be the legitimate website for a project or organization.
Security researcher JAMESWT found that the malware dropped in this case [VirusTotal] is Amos, a powerful infostealer that targets over 50 cryptocurrency extensions, desktop wallets, and data stored on web browsers.
Homebrew’s project leader, Mike McQuaid, stated that the project is aware of the situation but highlighted that it’s beyond its control, criticizing Google for its lack of scrutiny.
These sections of the article are the points I want people to read, although there is plenty more, including notes on how to protect yourself: bookmarking official pages, checking those links, or just asking someone you know to give you the proper page.
To read the article in full, Fake Homebrew Google ads target Mac users with malware is your article.