hire a hacker club reviews(HIREAHACKER.CLUB)


Introduction:

1、Security Bite: How hackers are still using Google Ads to spread malware

2、The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Security Bite: How hackers are still using Google Ads to spread malware

  Last weekend, Google was found again serving a malicious website at the top of Search as a sponsored result. This isn’t the first time Google Ads has approved websites with embedded malware; in fact, the first instance of this goes back to 2007 when the platform (then called Google AdWords) was promoting fake antivirus software widely referred to as “scareware” at the time. But how, in 2025, can Google, with its DeepMind and deeper pockets, still allow this to happen? How are hackers outsmarting it?

  This week, I want to briefly discuss this new campaign and how they were likely able to pull it off.

  Security Bite is a weekly security-focused column on 9to5Mac. Each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.

  Homebrew is a widely used open-source package manager for macOS and Linux that allows users to install, update, and manage software via the command line.

  In a post to X on Saturday last week, Ryan Chenkie warned other users on the platform that Google was serving an ad for a malicious clone of the popular developer tool that contains malware targeted toward Mac and Linux machines.

  Most people can distinguish a fake site by its URL. Hackers will use a “0” instead of “o,” a capital “I” instead of a lowercase “l,” etc. But in this case, Chenkie found that the fake clone displayed Homebrew’s actual URL (“brew.sh”) in Google Search, giving virtually zero hints that it’s not the real site. However, when clicked, hackers redirect potential victims to the malicious clone site (“brewe.sh”).

  On the malicious site, visitors were instructed to install Homebrew by executing a command in their terminal, a process that mirrors the legitimate installation process for the real Homebrew. But unbeknownst to them, running this command initiates the download and execution of the malware on their Mac or Linux machine.

  The malware used in this campaign is called AMOS Stealer, also known as ‘Atomic.’ It is an infostealer designed explicitly for macOS, available to cybercriminals as a subscription service costing $1,000 per month. Once a machine is infected, it begins using scripts to harvest as much user data as possible. This typically includes iCloud Keychain passwords, credit card information, files, browser-stored crypto wallet keys, and more. AMOS then uses a cURL command to quietly relay the stolen data back to the attackers.

  Homebrew’s project leader, Mike McQuaid, also posted to X to acknowledge the issue but emphasized the project’s limited ability to prevent further occurrences. McQuaid said the clone site has since been taken down but criticized Google at the same time for its insufficient review process, stating, “There’s little we can do about this really; it keeps happening again and again, and Google seems to like taking money from scammers. Please signal-boost this and hopefully someone at Google will fix this for good.”

  If you are anything like me, you’re baffled by how Google still allows this to happen. Especially after last year, when a fake clone of Google Authenticator, a well-known and trusted multi-factor authentication tool, was approved and displayed as a sponsored result pushing malware to unsuspecting victims.

  Like Apple’s App Store review process, Google Ads is not immune to bad actors trying to trick their way into being “approved.” However, unlike the App Store, Google Ads relies heavily on automated systems for reviewing, allowing hackers to use clever evasion techniques.

  One common method involves registering domain names that closely resemble legitimate ones, such as “brewe.sh” in the recent Homebrew campaign. From here, they can perform a “bait-and-switch” by initially submitting harmless content for approval and later replacing it with a redirect to a malicious site once their ads are approved. How does this not get flagged by Google? Hackers can get away with this by hijacking Google Ads accounts with a clean history and good reputation. These can often get away with more. The legit URL would still display in the search results until Google crawls again.
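  A defender-side check for the two signals described above (a landing host that differs from the displayed host, and a host that sits one edit or one character swap away from a trusted one), as an added example that is not part of the original column. The allowlist, the function names and the sample hosts other than brew.sh and brewe.sh are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this organisation trusts (constructed allowlist for the example).
TRUSTED_HOSTS = {"brew.sh", "ads.google.com"}

# Swaps named in the article ("0" for "o", capital "I" for "l"), plus "1" for "l".
HOMOGLYPHS = str.maketrans({"0": "o", "I": "l", "1": "l"})


def host_of(url):
    """Host as written (case preserved), without userinfo or port."""
    netloc = urlsplit(url).netloc
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def skeleton(host):
    """Fold look-alike characters before lowercasing, so 'googIe' reads as 'google'."""
    return host.translate(HOMOGLYPHS).lower()


def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED_HOSTS, max_distance=1):
    """Return (verdict, trusted host it resembles); verdict is trusted/lookalike/unknown."""
    if host.lower() in trusted:
        return "trusted", host.lower()
    folded = skeleton(host)
    for good in sorted(trusted):
        if folded == good or edit_distance(folded, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


def review_ad(display_url, redirect_chain):
    """Compare the host shown in the ad with the host the click finally lands on."""
    shown, landed = host_of(display_url), host_of(redirect_chain[-1])
    verdict, resembles = classify(landed)
    return {"shown": shown, "landed": landed, "mismatch": shown.lower() != landed.lower(),
            "verdict": verdict, "resembles": resembles}


if __name__ == "__main__":
    # Constructed input: the displayed and landing hosts reported in the article.
    print(review_ad("https://brew.sh", ["https://brewe.sh/"]))
    for h in ("ads.g00gle.com", "ads.googIe.com", "example.org"):  # constructed hosts
        print(h, classify(h))
```

  A distance threshold of 1 keeps false positives low for short names such as brew.sh; longer brand names can tolerate a larger threshold.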

  Of course, I can’t confirm this was how they were able to do it, but if history tells us anything…

  Luckily, these attacks are usually short-lived because of the Google Ads reporting process. But even a few hours of exposure could result in hundreds, if not thousands, of infections. After all, Google Search is used by hundreds of millions of people daily.

  Trust, but verify. Always.

  Thank you for reading! Security Bite will be back next Friday.

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

  Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials — ironically — via fraudulent Google ads.

  The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns.

  This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.

  The following diagram illustrates at a high level the mechanism by which advertisers are getting fleeced:

  Advertisers are constantly trying to outbid each other to reach potential customers by buying ad space on the world’s number one search engine. This earned Google a whopping $175 billion in search-based ad revenues in 2023. Suffice to say, the budgets spent in advertising can be considerable and of interest to crooks for a number of reasons.

  We first started noticing suspicious activity related to Google accounts somewhat accidentally, and after a deeper look we were able to trace it back to malicious ads for… Google Ads itself! Very quickly we were overwhelmed by the onslaught of fraudulent “Sponsored” results, specifically designed to impersonate Google Ads, as can be seen in Figure 2:

  While it is hard to believe such a thing could actually happen, the proof is there when you click on the 3-dot menu that shows more information about the advertiser. We have partially masked the victim’s name, but clearly it is not Google; they are just one of the many accounts that have already been compromised and abused to trick more users:

  People who will see those ads are individuals or businesses that want to advertise on Google Search or already do. Indeed, we saw numerous ads specifically for each scenario, sign up or sign in, as seen in Figure 4:

  The fake ads for Google Ads come from a variety of individuals and businesses, in various locations. Some of those hacked accounts already had hundreds of other legitimate ads running, and one of them was for a popular Taiwanese electronics company.

  To get an idea of the geographic scope of these campaigns, we performed the same Google search simultaneously from several different geolocations (using proxies). First, here’s the malicious ad from a U.S. IP address belonging to a business registered in Paraguay:

  Now, here’s that same ad that appears on Google Search in several other countries:

  Once victims click on those fraudulent ads, they are redirected to a page that looks like Google Ads’ home page, but oddly enough, it is hosted on Google Sites. These pages act as a sort of gateway to external websites specifically designed to steal the usernames and passwords from the coveted advertisers’ Google accounts.

  There’s a good reason to use Google Sites, not only because it’s a free and disposable commodity but also because it allows for complete impersonation. Indeed, you cannot show a URL in an ad unless your landing page (final URL) matches the same domain name. While that is a rule meant to prevent abuse and impersonation, it is one that is very easy to get around.

  Looking back at the ad and the Google Sites page, we see that this malicious ad does not strictly violate the rule since sites.google.com uses the same root domain as ads.google.com. In other words, it is allowed to show this URL in the ad, therefore making it indistinguishable from the same ad put out by Google LLC.
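  The gap in that rule can be shown by comparing a root-domain match with a stricter check that treats user-publishable hosts as separate origins. This is an added example, not code from the original article or from Google; the set of user-content hosts, the function names and the sample records (including the placeholder Sites path) are assumptions, and taking the last two labels stands in for a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: hosts under a trusted root where third parties can publish pages.
# sites.google.com is the one named in the article; extend the set per environment.
USER_CONTENT_HOSTS = {"sites.google.com"}


def host(url):
    """Lowercased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".")


def root_domain(hostname):
    """Simplification: last two labels. Production code should use the Public Suffix List."""
    return ".".join(hostname.split(".")[-2:])


def root_match(display_url, final_url):
    """The rule as the article describes it: shown URL and landing page share a domain."""
    return root_domain(host(display_url)) == root_domain(host(final_url))


def triage(display_url, final_url):
    """Reason code for one ad: ok, root_mismatch, or user_content_host."""
    shown, landed = host(display_url), host(final_url)
    if root_domain(shown) != root_domain(landed):
        return "root_mismatch"
    if landed in USER_CONTENT_HOSTS and shown != landed:
        return "user_content_host"
    return "ok"


# Constructed ad records: (display URL, final URL). The Sites path is a placeholder.
SAMPLE_ADS = [
    ("https://ads.google.com", "https://ads.google.com/home/"),
    ("https://ads.google.com", "https://sites.google.com/view/placeholder-page"),
    ("https://brew.sh", "https://brewe.sh/"),
]


def report(ads=SAMPLE_ADS):
    """Pair each record with the naive rule's answer and the stricter reason code."""
    return [(d, f, root_match(d, f), triage(d, f)) for d, f in ads]


if __name__ == "__main__":
    for row in report():
        print(row)
```

  The second record is the case the article describes: the root-domain rule accepts it, while the stricter check flags it because the landing host is one where anyone can publish.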

  After the victims click on the “Start now” button found on the Google Sites page, they are redirected to a different site which contains a phishing kit. JavaScript code fingerprints users while they go through each step to ensure all important data is being surreptitiously collected.

  Finally, all the data is combined with the username and password and sent to the remote server via a POST request. We see that criminals even receive the victim’s geolocation, down to the city and internet service provider.

  There are multiple online reports of people who saw the fake Google Ads and shared their experiences:

  We were able to get in touch with a couple of victims who not only saw the ads but were actually scammed and lost money. Thanks to their testimony and our own research, we have a better idea of the criminals’ modus operandi:

  We identified two main groups of criminals running this scheme but the more prolific by far is one made of Portuguese speakers likely operating out of Brazil. Victims have also shared that they had received a notification from Google indicating suspicious logins from Brazil. Unfortunately, those notifications often came too late or were dismissed as legitimate, and the criminals already had time to do some damage.

  We should also note a third campaign that is very different from the other two, and where the threat actors’ main goal is to distribute malware. The Google Ads phishing scheme may have been a temporary run which was not their main focus.

  In the span of a few days, we reported over 50 fraudulent ads to the Google Ad team all coming from this Brazilian group. We quickly realized that no matter how many reported incidents and takedowns, the threat actors managed to keep at least one malicious ad 24/7.

  Figure 13 shows the network traffic resulting from a click on the ad. You will see multiple hops before finally arriving at the phishing portal. The second URL shows the crooks are using a paid service to detect fake traffic.

  Within the JavaScript code part of the phishing kit, there are comments in Portuguese. Figure 14 shows a portion of the code that does browser fingerprinting, which is a way of identifying users. Browser language, system CPU, memory, screen-width, and time zone are some of the data points collected and then hashed.

  The second group is using advertiser accounts from Hong Kong and appears to be Asia-based, perhaps from China. Interestingly, they also use the same kind of delivery chain by leveraging Google sites. However, their phishing kit is entirely different from their Brazilian counterparts.

  Figure 16 below shows a code extract with comments in Chinese, as well as a function called xianshi, pinyin for 显示 (Xiǎnshì) which means display (thanks to the person leaving a comment and clarifying).

  We observed another campaign which has a very different modus operandi. Google Sites is not involved at all, and instead they rely on a fake CAPTCHA lure and heavy obfuscation of the phishing page.

  Interestingly, the malicious ad we found was for Google Authenticator, despite the obvious ads-goo[.]click domain name. However, for about a day or so, the redirect from that domain led directly to a phishing portal hosted at ads-overview[.]com.

  The reason why we suggest the threat actors may be Eastern Europeans here is because of the type of redirects and obfuscation. There is also a distant feel of ‘software download via Google ads’ we have reported on previously (see Threat actor impersonates Google via fake ad for Authenticator).

  A PHP script (cloch.php) then determines if the visitor is genuine or not (likely doing a server-side IP check). VPNs, bots and detection tools will get a “white” page showing some bogus instructions on how to run a Google Ads campaign. Victims are instead redirected to ads-overview[.]com which is a phishing portal for Google accounts.

  When we checked back on this campaign a few days later, we saw that the ad URL now redirected to a fake Google Authenticator site, likely to download malware. The redirection mechanism is shown in Figure 20:

  Stolen Google Ads accounts are a valuable commodity among thieves. As we have detailed many times on this blog, there are constant malvertising campaigns leveraging compromised advertiser accounts to buy ads that push scams or deliver malware.

  If you think about it for a second, crooks are using someone else’s budget to further continue spreading malfeasance. Whether those dollars are spent towards legitimate ads or malicious ones, Google still earns revenues from those ad campaigns. The losers are the hacked advertisers and innocent victims that are getting phished.

  As a result, taking action on compromised ad accounts plays a key part in driving down malvertising attacks. Google has yet to show that it takes definitive steps to freeze such accounts until their security is restored, despite their own policy on the subject (Figure 20). For example, we recently saw a case where the same advertiser, which had already been reported 30 times, was still active.

  As the scourge of fraudulent ads continues, we urge users to pay particular attention to sponsored results. Ironically, it’s quite possible that individuals and businesses that run ad campaigns are not using an ad-blocker (to see their ads and those from their competitors), making them even more susceptible to falling for these phishing schemes.

Related questions

When considering "Hire a Hacker Club Reviews," it's crucial to approach the topic with caution due to significant legal, ethical, and security concerns. Here's a structured overview:

Key Considerations:

  1. Legality:

    • Hiring hackers for unauthorized activities (e.g., hacking accounts, stealing data) is illegal in most jurisdictions. Engaging with such services could lead to criminal charges, fines, or imprisonment.
    • Ethical hacking (e.g., penetration testing) should be conducted through licensed professionals or reputable cybersecurity firms.
  2. Scam Risks:

    • Many "hacker-for-hire" services are scams designed to exploit users financially. Fake reviews may be posted to lure victims, and payments (often in cryptocurrency) are irreversible.
    • Law enforcement agencies sometimes operate sting operations targeting such services.
  3. Review Authenticity:

    • Reviews for illicit services are often unreliable. Positive testimonials may be fabricated, while negative ones could be from disgruntled users or competitors.
    • Lack of verifiable details (e.g., company registration, professional certifications) is a red flag.
  4. Consequences:

    • Legal Exposure: Participation in hacking activities can result in prosecution.
    • Financial Loss: Scams may drain funds without delivering services.
    • Privacy Risks: Sharing personal information with malicious actors could lead to identity theft or blackmail.

Alternatives for Legitimate Needs:

  • Cybersecurity Professionals: Hire certified ethical hackers (CEH) or firms for penetration testing via platforms like Upwork or through referrals.
  • Legal Channels: Report issues to authorities (e.g., law enforcement for cybercrimes, IT departments for account recovery).

Final Advice:

  • Avoid Illicit Services: The risks far outweigh any perceived benefits.
  • Seek Ethical Solutions: For cybersecurity needs, consult legitimate experts or report concerns to appropriate authorities.

Engaging with "hacker clubs" is strongly discouraged. Prioritize legal and ethical avenues to address any concerns.
