Mosyle has identified a macOS malware campaign that uses generative AI-assisted code and spreads through a fake AI app download.
The Apple device management firm shared details of the malware named the campaign SimpleStealth. The attack spreads through a fake website posing as the Grok AI app and tricks users into downloading a malicious macOS installer.
The Apple device management firm shared details of the malware named the campaign SimpleStealth. The attack spreads through a fake website posing as the Grok AI app and tricks users into downloading a malicious macOS installer.
The fake Grok app is distributed through a look-alike website rather than the Mac App Store. According to Mosyle, attackers used the domain xaillc[.]com to impersonate the Grok AI app and prompt users to download a malicious macOS installer named Grok.dmg.
Grok is an AI chatbot developed by xAI and integrated with the X social platform. The app is marketed as a conversational assistant that answers questions, analyzes posts, and generates text.