Hello, welcome to the Wednesday, November 2, 2016 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

Security company Silence did discover a pretty nifty malvertising campaign that is targeting Mac OS users users what they're doing here is that they're

advertising actually a download for google chrome now kind of ironic that they're using

google ads to do so so on google's website it will display in the top location the get Google Chrome link that's actually

malicious and to make things worse the URL displayed below is actually the

legitimate Google.com slash Chrome URL turns out that when you buy ads

via Google that you can actually set that display URL to whatever string you would

like to and then redirect the user to the actual URL.

And apparently Google doesn't even have sort of a blacklist built in here for their own

URLs. Now if a user falls for this and installs the malicious application, they're then going to

be bombarded with ads.

At this point, it doesn't look like this software is doing anything but displaying ads

to the user.

The same software that's being distributed via these malvertising links also has been seen in the past, advertised as a flash player.

So essentially it does rely on the user willingly installing that software.

It's nothing that would sort of abuse an exploit in order to get itself installed

on the victim's machine. Now silence doesn't say anything about whether or not the binary was

digitally signed, but typically these binaries are signed with a valid developer signature, so the

result would be that the user installing this particular

application has no idea that anything malicious is being done here.

Apparently, the ad also sort of works for Windows users, but the domain the user is being

...