According to a recent LinkedIn post from Guardio, the company’s research describes a campaign in which threat actors reportedly hijack legitimate Google Ads accounts of small businesses, such as churches and yoga studios, to promote malicious Mac technical support links. The post indicates that these ads direct users to AI-generated content on trusted publishing platforms, encouraging them to run a single macOS Terminal command that installs the AMOS Infostealer.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The LinkedIn post suggests that this malware can rapidly exfiltrate saved passwords, crypto wallets, and personal files, and that the operation appears self-sustaining by using stolen credentials to finance additional hijacked ads. For investors, this type of research may underscore Guardio’s domain expertise in browser and ad-based threat detection, potentially strengthening its positioning in consumer and SMB cybersecurity and supporting demand for protections against increasingly sophisticated social-engineering and ad-hijacking campaigns.