Malware found spreading through sponsored ad on X
Verified sponsored advertisements on X and Google are currently distributing malicious software targeting macOS and Microsoft account credentials.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
Malware identified as MacSync Stealer is spreading through deceptive sponsored advertisements on X and Google. These ads, which pose as the Claude Code tool, are reportedly capable of hijacking macOS systems and targeting Ledger wallets. Separate reports indicate that an entity named ConsentFix is simultaneously targeting Microsoft account credentials.
Coverage from 9to5Mac, Malwarebytes, Security Boulevard, and CyberSecurityNews highlights the integration of these threats into verified advertising platforms. Sources including gbhackers.com, cyberpress.org, and Huntress emphasize the use of weaponized advertisements as a primary distribution vector for current digital attacks. Future developments will depend on actions taken by advertising platforms to remove the malicious content.
Reports do not yet specify the full scope of user impact or the current status of the affected advertisement accounts.
Synthesized by headlinez.news from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
What operating systems are affected?
Coverage identifies macOS as the primary target for the MacSync Stealer malware, while Microsoft accounts are also being targeted.
How is the malware being distributed?
The malware is being delivered through verified sponsored advertisements on both X and Google, often masquerading as legitimate tools like Claude Code.
What happens if a user clicks the advertisement?
According to reports, these advertisements can hijack macOS systems and compromise Ledger wallets or Microsoft account credentials.
Coverage (7)
- Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Security Boulevard · 1d ago
- The Hacker's 2026 Playbook: Dark Web Tactics Targeting You Huntress · 1d ago
- Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Malwarebytes · 1d ago
- MacSync Stealer Hijacks macOS via Fake Claude Code Google Ads gbhackers.com · 1d ago
- A Weaponized Google Ad Install Malicious Claude Code to Hijack Entire macOS CyberSecurityNews · 1d ago
- Fake “Claude Code” Google Ad Delivers MacSync Stealer, Hijacks Ledger Wallets on macOS cyberpress.org · 1d ago
- Malware found spreading through sponsored ad on X 9to5Mac · 1d ago
Topics
Related trends
Alibaba to ban employees from using Anthropic's coding tool, source says
Alibaba has prohibited employees from using Anthropic's Claude Code amid rising security concerns regarding spyware and regional access.
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A critical Linux kernel vulnerability dubbed DirtyClone and Bad Epoll is enabling unauthorized root access across Linux systems and Android devices.
At 17, She Sued Meta and Google, and Won. Now She’s Ready to Tell Her Story
Legal challenges against tech giants intensify as an unnamed teenager secures a victory and New Jersey prepares for a high-profile courtroom showdown.
All of the best 4th of July deals on Samsung Galaxy gear, Google, LG OLED TVs, Copilot+ PCs, e-bikes, more
Major retailers are launching Independence Day discount events across a wide range of consumer electronics.
EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones
A European Parliament member tasked with investigating Pegasus spyware has been identified as a target of the same software.
A new attack uses a BioShock-style puzzle to convince AI browsers they're not in the real world
Security researchers have identified a vulnerability where AI browsers are susceptible to prompt injection attacks modeled after video game mechanics.