A new malicious campaign is abusing Google Ads to target Mac users, displaying sponsored results that appear to lead to legitimate Google domains such as docs.google.com and business.google.com.

From there, users are redirected to Google Apps Script pages and fake Medium profiles that closely mimic Apple’s official website or Apple Support accounts. These pages instruct users to run obfuscated Terminal commands (Base64-encoded and executed via zsh), potentially compromising their systems.
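A defender-side triage check for commands of the kind described above, added here as an example and not taken from the article or from MacKeeper. The article does not give the exact command text, so the `echo … | base64 -D | zsh` shape, the function names and the sample line are assumptions constructed for illustration; the code decodes the payload for review and never executes it.

```python
import base64
import binascii
import re

# Shells a decoded payload might be piped into (zsh is the one the article names).
SHELLS = r"(?:zsh|bash|sh)"
# A Base64 decode step: `-d`, `-D` (macOS) or `--decode`.
DECODE = r"base64\s+(?:-d|-D|--decode)\b"
# Decode step followed by a pipe straight into a shell.
PIPE_TO_SHELL = re.compile(DECODE + r"[^|]*\|\s*" + SHELLS + r"\b")
# Candidate Base64 literal: 16+ alphabet characters plus optional padding.
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed, harmless sample payload and command line (assumed shape).
SAMPLE_B64 = base64.b64encode(b"echo constructed-sample-payload").decode()
SAMPLE_CMD = f"echo '{SAMPLE_B64}' | base64 -D | zsh"


def decode_literals(command):
    """Decode each Base64 literal in the command for review; nothing is run."""
    decoded = []
    for token in B64_LITERAL.findall(command):
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64 (wrong length or padding)
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def triage(command):
    """Flag a command that decodes Base64 and pipes the result into a shell."""
    flagged = bool(PIPE_TO_SHELL.search(command))
    return {"flagged": flagged,
            "decoded": decode_literals(command) if flagged else []}


if __name__ == "__main__":
    for line in (SAMPLE_CMD,
                 "base64 -d report.b64 > report.pdf",       # decode to a file
                 "base64 -D archive.b64 | shasum -a 256"):  # pipe to a non-shell
        print(triage(line), "<-", line)
```

The same check can be run over pasted text from a help-desk ticket or over shell history when reviewing a suspected incident.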

The ads appear to come from Google-verified advertiser accounts, suggesting that legitimate accounts may have been compromised rather than created solely for malicious use.

By leveraging both trusted Google domains and verified advertiser status, this campaign poses a high-risk phishing threat for Mac users and raises serious concerns about the integrity of the Google Ads ecosystem.

This news was shared by Olena Khomych from MacKeeper.