
Malware found spreading through sponsored ad on X

Why This Matters

This incident highlights the ongoing risks of social engineering and malicious advertising on social media platforms like X, which can deceive even verified users and compromise consumer security. It underscores the importance of vigilance and improved platform safeguards to prevent malware distribution through sponsored content, especially targeting Mac users. For the tech industry, it emphasizes the need for stronger detection and response mechanisms to protect users from evolving threats.

Key Takeaways

Jamf Threat Labs, the company’s security research arm, recently shared details of a ClickFix-style attack it spotted running as a sponsored ad on the social media site X. Originating from a well-known verified account, it promoted a malicious domain under the guise of a popular Mac app.

The ad in question was posing as DynamicLake, a legitimate Mac utility that turns your MacBook’s notch into an unofficial but fully working Dynamic Island.

Screenshot of the malicious sponsored tweet posing as the real DynamicLake, via Jamf Threat Labs.

But per Jamf’s investigation, the original link seen above redirects to dynamicmacisland[.]com, a malicious lookalike domain with no ties to the actual app.

Once there, visitors were instructed to open Terminal and paste installation code that would quietly install malware on the victim’s Mac. This is a classic technique that defines ClickFix social engineering attacks.

Legitimate apps, which are signed and notarized by Apple, will never ask you to do this.

Malicious landing page with ClickFix attack. Screenshot via Jamf Threat Labs.

Jamf identified the payload as a recent Atomic Stealer variant, which it tracks as MacSync. Cases of DigitStealer have also been identified in this attack.

The account is well-known
