Mac malvertising campaign (11-16-2025)
- Description:Malicious Google Search ad for Mac users
- Severity: Medium
- Reporter: Jérôme Segura
- Reported to Google: 11/16/2025
Google Search Ad
Traffic view
Decoy page
IOCs
| Fake Google Sites | hxxps[://]sites[.]google[.]com/ss[.]kangarooiv[.]com/963411-6546/3425 |
| Malicious script | hxxps[://]gutando[.]com/cleaner |
| Payload URL | hxxps[://]gutando[.]com/ftwo/update |
| Payload SHA256 | da82a29be37f73550550ab62d51bb15bbcda60d32c1b58bdba7a67dc471a4c53 |