Beware: Disguised as Dropbox Dash, this malware will infect your Mac OS

Question

It started with an icon which appeared in my Safari browser which was that of Dropbox Dash (the blue squares).

When clicking it, it brings you to this page: https://app.getcommande.com/install which when visiting CLEARLY is a clone of Dropbox's look.

I downloaded the app and very quickly stopped myself from dragging the .app file within the downloaded .dmg into my Applications folder because it is very obviously not Dropbox.

Upon investigating how in the world this malware trap made it into my Safari browser, I noticed it was implanted by this .app called Dropbox Dash which looked like a legitimate Dropbox app. Naturally I removed any trace of it.

Jay · Answer

In order to find out more information on this matter, could you use the 'Report a bug' feature in the app to let the team know of what you experienced?

FireFishMike · Answer

I know Dash is a beta product; I'm a tester.

I installed the Mac app for Dash a while ago and it left a button on my safari toolbar which I never pressed until today. Upon pressing it, it brought me to the URL I posted above. Either the app is legit and someone at Dropbox infected it, or the Beta I signed on for initially was BS altogether.

Jay · Answer

Hi @FireFishMike, thanks for bringing this to our attention.

Dropbox Dash is a valid application that is currently in beta.

Did you notice this version of the app you're referring to after visiting the Dropbox site, or another random site?

This will help me to assist further!