Jamf Threat Labs, the company’s security research arm, recently shared details of a ClickFix-style attack it spotted running as a sponsored ad on the social media site X. The ad, originating from a well-known account, promoted a malicious domain under the guise of a popular Mac app.

The ad in question was posing as DynamicLake, a legitimate Mac utility that turns your MacBook’s notch into an unofficial but fully working Dynamic Island.

Screenshot of the malicious sponsored tweet posing as the real DynamicLake. via Jamf Threat Labs.

But per Jamf’s investigation, the original link seen above redirects to dynamicmacisland[.]com, a malicious lookalike domain with no ties to the actual app.

Once there, visitors were instructed to open Terminal and paste installation code that would quietly install malware on the victim’s Mac. This is a classic technique that defines ClickFix social engineering attacks.