According to Decrypt, Jamf Threat Labs stated that counterfeit Macy's applications spread PamStealer malware through malicious AppleScript files, which can steal user passwords and encrypted wallet keys. In addition, Jamf discovered that ClickFix style malware spread through X sponsored advertisements promoted DynamicLake, inducing users to execute installation commands with the payload being the Atomic MacSync Stealer variant.