Comment by cbeach
3 days ago
Slightly tangential, but I went to set up Homebrew today on a new Mac. Stupidly clicked the top link in Google (which was sponsored but not obviously so). Took me to a spoof Homebrew page. I ran the script. Typed in my Mac password like a fool when prompted, and nothing happened. Then I realised what an idiot I’d been.
Claude found evidence of an exfiltration malware on my laptop and I inmediately wiped the device and started again. Revoked all my keys, rotated all my passwords. And now I pray the damage is contained.
I can’t believe that Google would have let this slip through. I probably wasn't the only one that got caught out.
We’ve complained about this to Google many times to no avail. It’s very frustrating. They are literally paid money to let people install malware on your machine. Please direct all annoyance and resentment to them (we share it).
Firstly, Mike, thank you for all you've done with HomeBrew - an amazing product. None of my ire was directed at you or HomeBrew.
I am so frustrated at Google, not just for this incident, but for many reasons (like their inexplicable shutdown of my own Adsense account years ago, and their neglect of several products I'd built against or bought). When they act, they leave us with no recourse. I feel anxious being dependent on them, even for simple stuff like my email account.
They are sufficiently big that they no longer care about the little guy anymore. They are only interested in swallowing up all the World's data and cashing in on Workspace.
Thanks for the kind words. Glad no ire directed at us. It is very frustrating I agree.
I've heard of that but never experienced it on my Google. Weird. I just retried that now and it's giving the correct link. Maybe that's why it's not being fixed.
I reported the ad to Google immediately, and when I checked back an hour later the search results were clear. But I suspect it's only a matter of time before another one slips through the net.
I think what happens is a legitimate business with a history of legit Google advertising gets compromised by malware, and then their Google adverts are flipped.
Just heard back from Google regarding my report of the ad that served malware to me:
> Dear Chris,
> We’re writing to let you know that we reviewed your report (ID 579240969280369002).
> Here's what we found
> We decided not to take this ad down. We found that the ad doesn’t go against Google’s policies, which prohibit certain content and practices that we believe to be harmful to users and the overall online ecosystem.
I think the safest thing I can do right now is avoid using Google for searches and instead use Claude, which at least has functioning safeguards, and is less easily poisoned than Google Search.
[dead]