HeadlinesBriefing favicon HeadlinesBriefing.com

Malware Spreads via Sponsored X Ad Posing as Mac App

9to5Mac •
×

Jamf Threat Labs uncovered a malicious campaign on X, formerly Twitter, distributing malware disguised as a sponsored ad. The ad promoted a fake version of the Mac app Dynamic Lake, which adds functionality to the Mac's notch. A verified account, likely tricked, posted the ad, lending it an air of legitimacy and increasing its danger to users.

The attack targeted Mac users by directing them to a lookalike domain. Visitors were instructed to open Terminal and paste code, a classic social engineering tactic. This code silently installed a variant of Atomic Stealer, tracked as Mac Sync, though Digit Stealer was also identified. The ad bypassed X's security checks through a single redirect, a method seen previously with Google Ads.

The developer of the real Dynamic Lake expressed dismay, stating they have been battling fake copies of their app. They urged users to download only from the official Dynamic Lake.com to avoid malware. Jamf reported the ad to X, and it was removed, but the incident raises questions about the platform's ad verification processes.

This incident highlights the persistent threat of malware distribution through seemingly legitimate advertising channels, even on major social media platforms. The reliance on verified accounts and familiar branding can easily be exploited to deceive users into compromising their systems.