Macs under threat from information-stealing malware - Don't fall for the Microsoft Teams scam.

When searching for new software online, you never want to click on the first search result because you may be dealing with fake ads spreading dangerous malware.

Just as the Arc browser was used in the recent Poseidon campaign, hackers are once again using fake ads to direct unsuspecting Mac users to malicious sites hosting malware. The malware steals passwords from web browsers and Apple Keychain, downloads fake Microsoft Teams, and steals cryptocurrency.

Here's everything you need to know about this new campaign, along with tips on how to protect your Mac from the virus.

Cybercriminals and other hackers have traditionally used communication tools like Zoom, Webex, and Slack as lures, but this time around they are using the software giant Microsoft's extremely popular workplace chat app, Microsoft Teams.

In a new report, security researchers at Malwarebytes describe how a fake ad appeared at the top of Google searches for “Microsoft Teams for Mac.” They believe the ads were paid for by compromised Google advertising accounts.

The ad itself shows microsoft[.]com as the URL at the top, but clicking on it does not take the user to the official Microsoft website. Instead, it leads to a fake landing page with the URL teambusiness[.]org, which masquerades as the actual Microsoft Teams site.

At the top of this incredibly simple site is an Apple logo and a brief description of the app and its features. Below that is a “Download Teams” button, which, when clicked, downloads the malicious Mac app.

If you are a frequent user of the best MacBooks, you may immediately know something is wrong as the downloaded file (MicrosoftTeams_v.(xx).dmg) tells potential victims to right-click to open it. This is a big red flag because apps that require installation in this manner are actually trying to circumvent Apple's built-in protection mechanisms against unsigned installers.
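One way to check a downloaded disk image before opening it, as an added example that is not from the original article or the Malwarebytes report: it asks Gatekeeper (`spctl`) whether the image is signed and notarized instead of following a right-click prompt. The function names, file names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-open triage of a downloaded macOS disk image.
# classify_assessment reduces the text printed by
#   spctl -a -vv -t open --context context:primary-signature <file.dmg>
# to a single verdict word.
classify_assessment() {
    out=$1
    case $out in
        *": accepted"*)
            case $out in
                *"source=Notarized Developer ID"*) echo notarized ;;
                *) echo accepted-not-notarized ;;
            esac ;;
        *"source=no usable signature"*) echo unsigned ;;
        *"source=Unnotarized Developer ID"*) echo signed-not-notarized ;;
        *": rejected"*) echo rejected ;;
        *) echo unknown ;;
    esac
}

# check_dmg runs the real tools (macOS only) and succeeds only for a
# notarized image; anything else should not be opened via right-click.
check_dmg() {
    dmg=$1
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (macOS only)" >&2; return 2; }
    # The quarantine attribute records that the file came from a browser download.
    xattr -p com.apple.quarantine "$dmg" 2>/dev/null || echo "no quarantine attribute"
    out=$(spctl -a -vv -t open --context context:primary-signature "$dmg" 2>&1)
    verdict=$(classify_assessment "$out")
    echo "$dmg: $verdict"
    [ "$verdict" = notarized ]
}

# Constructed sample outputs (not captured from the campaign's file).
SAMPLE_UNSIGNED='Downloaded.dmg: rejected
source=no usable signature'
SAMPLE_NOTARIZED='Vendor.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Vendor (ABCDE12345)'

# Run as: sh check_dmg.sh ~/Downloads/SomeApp.dmg
if [ "$#" -gt 0 ]; then check_dmg "$1"; fi
```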

From here, the malicious app asks the user to enter their password to gain access to the file system. In doing so, it lets the Atomic Stealer malware retrieve the Apple Keychain password and other important files on the now-compromised Mac. If left unchecked, the malware will extract sensitive data from the Mac and send it back to the hackers behind this campaign.

As I mentioned before, the first and most important thing you can do to protect yourself from fake ads spreading malware is to scroll further down the page when searching for new software online. Like you and me, hackers can easily purchase advertising space, but for far more nefarious purposes.

Taking an extra second or so to scroll down to a company's actual website can save you from falling victim to a nasty malware infection and possibly even having your identity stolen by hackers.

Macs have built-in antivirus software called XProtect, but consider using one of the best Mac antivirus software solutions along with it. Paid antivirus software is updated more regularly and often comes with additional features to keep you safe online, such as VPNs and password managers.

Over the past few years, we have seen hackers routinely use fake ads in malware campaigns. Fortunately, if you ignore the ads and scroll down, you can avoid falling victim to this and other similar campaigns designed to infect your Mac with password-stealing malware.
