home.social

#macsync — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #macsync, aggregated by home.social.

  1. 📢⚠️ Hackers are abusing hijacked Google Ads and fake Claude AI guides in a new #ClickFix attack targeting Mac users. Victims are tricked into pasting malicious Terminal commands that install #MacSync infostealer malware.

    Read more: hackread.com/google-ads-claude

    #CyberSecurity #macOS #Malware #GoogleAds #ClaudeAI

  2. 📢⚠️ Hackers are abusing hijacked Google Ads and fake Claude AI guides in a new attack targeting Mac users. Victims are tricked into pasting malicious Terminal commands that install infostealer malware.

    Read more: hackread.com/google-ads-claude

  3. 📢⚠️ Hackers are abusing hijacked Google Ads and fake Claude AI guides in a new #ClickFix attack targeting Mac users. Victims are tricked into pasting malicious Terminal commands that install #MacSync infostealer malware.

    Read more: hackread.com/google-ads-claude

    #CyberSecurity #macOS #Malware #GoogleAds #ClaudeAI

  4. 📢⚠️ Hackers are abusing hijacked Google Ads and fake Claude AI guides in a new #ClickFix attack targeting Mac users. Victims are tricked into pasting malicious Terminal commands that install #MacSync infostealer malware.

    Read more: hackread.com/google-ads-claude

    #CyberSecurity #macOS #Malware #GoogleAds #ClaudeAI

  5. 📢⚠️ Hackers are abusing hijacked Google Ads and fake Claude AI guides in a new #ClickFix attack targeting Mac users. Victims are tricked into pasting malicious Terminal commands that install #MacSync infostealer malware.

    Read more: hackread.com/google-ads-claude

    #CyberSecurity #macOS #Malware #GoogleAds #ClaudeAI

  6. 2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

    A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

    Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: app.any.run/tasks/afd3ae74-297

  7. 2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

    A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

    Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: app.any.run/tasks/afd3ae74-297

  8. 2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

    A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

    Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: app.any.run/tasks/afd3ae74-297

  9. 2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

    A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

    Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: app.any.run/tasks/afd3ae74-297

  10. 2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

    A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

    Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: app.any.run/tasks/afd3ae74-297