Fake Clockify site pushes both Windows and Mac malware

Intel Name: Fake Clockify site pushes both Windows and Mac malware

Date of Scan: October 10, 2024

Impact: High

Summary:
On October 8, 2024, we identified a malicious Google ad directing users to a fake Clockify site that spreads malware. The site offered two downloads: a changing 704 kB DMG file for macOS that exfiltrates data, and a consistent 115.7 MB executable for Windows. The macOS file contains a Mach-O executable that requires user interaction for installation, while the Windows file includes a 116.5 MB MSI installer for Clockify and Lumma Stealer. The Windows infection retrieves Lumma Stealer from a password-protected RAR file.
