Malicious ads are pushing fake Homebrew installers to Mac users, and the attack relies on trusting the first Google search result.
macOS Terminal
macOS Terminal
Attackers are buying Google ads to place a fake Homebrew site above the real one, then trick users into running a malicious Terminal command. The tactic is effective because it leans on routine behavior instead of technical exploits.
Developers and everyday Mac users rely on Homebrew to install software, which makes it a high-value target. The real installation process already involves pasting a command into Terminal, so the fake version doesn’t immediately stand out.