It has been found that a search hijacking malware is targeting the Apple MacOS devices. This malware was found last week by a security firm AiroAv and can be used to implement to effectively hijack search engine results in the infected browsers.
The interesting part of this malware is that it’s working for the benefit of Microsoft by bringing the Bing search results into the Google search results page when someone searches for something on the Google search engine.
How This Malware Works?
The previous hijacking methods which involve installing a browser extension or injecting AppleScript cannot me implanted now because of Apple MacOS Mojave update. This update has fixed most of the bugs and loopholes making this method of no use.
But the hackers have found out a new much better and effective method to hijack the user’s browsers. The name of this new method is the MITM proxy.
On using MITM, the attackers can very easily inspect the traffic of all the user’s. They can also look into the user’s encrypted data, manipulate them and can also return handled responses to the users.
This MacOS malware pretends to be a fake Adobe Flash plugin and the users install this plugin in their browsers. The installation process is same as of the original Adobe Flash plugin and this is the reason why the users are not able to recognize it.
This malware is getting spread by emails and drive-by downloads. After the completion of the installation process, this malware creates a local proxy on the infected system by asking the user to provide their Apple user id and password. This proxy is finally utilized to hijack the results.
Though this malware is working for the benefit of the Bing search engine, it has no relation with the Microsoft company. According to AiroAv the purpose of injecting Bing results is to show ads during the process and earn money. These could also be Bing ads or other ads.