logo

Hackers Abuse Verified X Ads to Deliver Mac Malware Through ClickFix Attack

ID: 73baf5a2-684e-5641-828b-cff2bd58a313

STIX ID: report--73baf5a2-684e-5641-828b-cff2bd58a313

Feed Name: Cyber Press

Threat Score
70/100

Date Published: 2026-07-04

Date Updated: 2026-07-04

Author: Mayura

...
...

A sponsored, verified ad campaign on X directed macOS users to a lookalike site (dynamicmacisland.com) that instructed victims to paste Terminal commands, silently installing macOS malware (Atomic Stealer variants) to exfiltrate credentials and browser data. The report also describes ConsentFix, a browser/OAuth manipulation enabling rapid account takeover by extracting valid tokens via drag-and-drop interactions, and provides mitigation advice such as tightening ad/brand monitoring, endpoint protections, conditional access, and user education.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.