Malvertising Campaign Spoofs GitHub to Deliver macOS Trojans


Evasive technique combines zero-width space (ZWSP) with GitHub spoofing to deliver malware through malvertising

Roshan, Eliya Stein, and Confiant<br>Jun 02, 2026


Cross-posted by Roshan

"This campaign exploits the current popularity of AI utilities by using GitHub-spoofed infrastructure to distribute a trojanized version of an open-source repository with over 500 stars."
- Confiant

We recently detected a malvertising campaign distributing malware: a trojanized macOS Electron installer. The ad campaign was disguised to look like a legitimate personal open-source project called “Jarvis AI Assistant,” a speech-to-text project with 500 stars on GitHub. “Jarvis” is a popular name in the AI world (thanks to Iron Man), so there is no single, definitive “Jarvis AI project.”

The actor in this campaign constructed a fully functional GitHub lookalike that dynamically mirrors content from Jarvis’ actual GitHub (akshayaggarwal99/jarvis-ai-assistant), creating a convincing facade over the malicious landing page domain to deliver malicious binaries to macOS users.

The ad uses Zero Width Space (ZWSP) Unicode characters embedded in the ad text to evade detection—an adaptation of homoglyph attacks. Users who click the ad will end up downloading a trojanized DMG file from infrastructure controlled by the threat actor. These DMGs install a working “Jarvis” voice AI that—by the legitimate app’s own design—already possesses system-wide keyboard, microphone, screen, AppleScript, and shell-execution capabilities.

Because "Jarvis" is a voice assistant, you willingly give it permission to use your mic, screen, and keyboard. The attackers are basically hitching a ride on the permissions you already granted the "real" app.

The DMG (a Mac disk image) container itself is the malicious add-on. Inside the file's code is an XML DTD pointer that beacons to attacker infrastructure upon parsing. It ‘pings’ the attacker's server to say, "Hey, I just landed on a new Mac, here’s my location."

For evasion, the attackers used a non-standard UDIF wrapper (basically the "packaging" of the DMG file) that breaks automated triage and security scanners. It’s like hiding something inside a box that is folded so weirdly an X-ray machine doesn't know how to read it.
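A triage check for the DTD beacon described above, added here as an example and not part of Confiant's write-up. It scans a raw byte blob (the XML plist embedded in a UDIF image is plain text, so a DMG can be scanned as-is) for DOCTYPE declarations and flags any remote system identifier other than Apple's standard property-list DTD; the allowlist, the sample blob and the `beacon.attacker.example` host are constructed placeholders.

```python
import re

# Assumption: the only remote DTD a genuine Apple property list should reference.
KNOWN_DTDS = {"http://www.apple.com/DTDs/PropertyList-1.0.dtd"}

# Matches <!DOCTYPE root PUBLIC "pubid" "uri"> and <!DOCTYPE root SYSTEM "uri">.
DOCTYPE_RE = re.compile(
    rb'<!DOCTYPE\s+(?P<root>[\w:.-]+)\s+'
    rb'(?:PUBLIC\s+"(?P<pubid>[^"]*)"\s+|SYSTEM\s+)"(?P<uri>[^"]*)"',
    re.IGNORECASE,
)

def external_dtd_refs(blob: bytes) -> list[dict]:
    """Return every DOCTYPE in blob with its URI; mark unexpected remote ones."""
    findings = []
    for m in DOCTYPE_RE.finditer(blob):
        uri = m.group("uri").decode("utf-8", "replace")
        remote = uri.lower().startswith(("http://", "https://", "ftp://"))
        findings.append({
            "offset": m.start(),
            "root": m.group("root").decode("ascii", "replace"),
            "uri": uri,
            # A parser that honours external DTDs would contact this host on load.
            "suspicious": remote and uri not in KNOWN_DTDS,
        })
    return findings

# Constructed blob: filler bytes, a benign plist with Apple's DTD, then a
# second plist whose DOCTYPE points at a placeholder attacker host.
SAMPLE_BLOB = (
    b"\x00" * 16
    + b'<?xml version="1.0" encoding="UTF-8"?>\n'
      b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
      b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
      b'<plist version="1.0"><dict/></plist>\n'
    + b"\x00" * 16
    + b'<!DOCTYPE plist SYSTEM "http://beacon.attacker.example/dtd/x.dtd">\n'
      b'<plist version="1.0"><dict/></plist>\n'
)

if __name__ == "__main__":
    for f in external_dtd_refs(SAMPLE_BLOB):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"offset={f['offset']:>5} root={f['root']} {flag} {f['uri']}")
```

Run it over a real image with `external_dtd_refs(open(path, "rb").read())`; the scan is parser-free, so it never resolves the URI it reports.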

User Journey and Circumvention

The attack chain begins with a programmatic ad depicting the Jarvis AI application for macOS. By mimicking a legitimate productivity tool, the ad targets users looking for AI-driven voice assistance. Once a user is engaged by the creative, the redirection process begins, leading them through a series of spoofed environments designed to build trust before the final payload is delivered.

Technical Breakdown of the Ad Text

Zero-width space characters are non-printing characters used in computerized typesetting to indicate where word boundaries are, without displaying a visible space in the rendered text.

The ad text contains invisible ZWSP characters strategically placed within high-signal keywords. This technique is done to evade pattern matching and keyword-based malvertising detection and human review, while preserving readability for the ad.

Malicious Ad Creative with invisible ZWSP characters
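A detection-side illustration of the ZWSP trick, added here as an example and not taken from the campaign or from Confiant. It flags every invisible Unicode format character (the page names ZWSP, U+200B; the check generalises to the whole Cf category), shows that a naive keyword filter misses the split words, and that matching against the stripped text restores the hit. The ad string and watchlist are constructed.

```python
import unicodedata

def find_zero_width(text: str) -> list[tuple[int, str]]:
    """Return (index, Unicode name) for each invisible format character (category Cf)."""
    return [
        (i, unicodedata.name(ch, "UNNAMED FORMAT CHAR"))
        for i, ch in enumerate(text)
        if unicodedata.category(ch) == "Cf"
    ]

def strip_zero_width(text: str) -> str:
    """Remove every format character so split keywords read as one token again."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")

def keyword_hits(text: str, keywords: list[str]) -> dict[str, bool]:
    """Case-insensitive containment check, exactly as a naive ad filter would do it."""
    lowered = text.lower()
    return {k: k.lower() in lowered for k in keywords}

# Constructed ad copy: "Jarvis" and "GitHub" each carry one ZWSP (U+200B)
# inside the word, invisible when rendered but fatal to substring matching.
SAMPLE_AD = "Jar\u200bvis AI Assistant for macOS, now open source on Git\u200bHub"
WATCHLIST = ["jarvis", "github"]

if __name__ == "__main__":
    print("format chars:", find_zero_width(SAMPLE_AD))
    print("naive match:   ", keyword_hits(SAMPLE_AD, WATCHLIST))
    print("after strip:   ", keyword_hits(strip_zero_width(SAMPLE_AD), WATCHLIST))
```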

Clicking the ad directs users to serverji[.]com, which presents a cloned product site for the Jarvis project (jarvis.ceo/) promoting the software. The download button navigates to serverji[.]com/download, offering architecture-specific download options (Apple Silicon / Intel). It includes a "Download for Mac" CTA and a "We're now open source! Star us on GitHub" badge.

Upon selecting an architecture, users are redirected to a subdomain (un5q021ctkzm0.serverji[.]com) hosting a GitHub lookalike. This fake repository mirrors the exact structure and content of the legitimate GitHub project, providing a false sense of security through visual familiarity.

The download link on this fake GitHub release page delivers the malicious DMG file instead of the legitimate application. By the time a user reaches this stage, the combination of the mirrored repository and the official-looking “release” page makes the download appear authentic.

Mirrored, Malicious GitHub Repository

The actor deployed a functional GitHub clone on a subdomain that dynamically scraped and rendered content from the legitimate repository. To maximize authenticity, the clone included:

Release pages featuring accurate version tags and malicious download links.

Developer profiles cloned directly from the real maintainer.

Pull request histories scraped from the authentic repository.

GitHub Actions workflows to simulate a state of active development.

Copilot code review comments to further enhance credibility.

Why the DMGs Are Malicious (and the Source Archives Are Not)

The DMG-level tampering produces two primary malicious effects: (a )...
