Leighton Meester sex video lure spreads Mac and Windows malware to Twitter users

Here’s an unusual cocktail: Internet celeb and former Apple Mac evangelist Guy Kawasaki, a sex video of Leighton Meester (the star of hit TV show “Gossip Girl”), a sprinkle of Twitter, and a shot of web-based malware.

My suspicions were raised when I saw that Guy Kawasaki has posted a message saying

Leighton Meester sex tape video free download!

on his Twitter account.

Sure enough, following the link hops you between a series of websites, offering to show you a sex video of the young Hollywood actress.

As we’ve seen in other attacks in the past, agreeing to download the codec to view the sex video is not a good idea. The webpage can tell if you are visiting the site using an Apple Mac or a Windows computer, and will serve up the relevant piece of malware. In the case of Macs the malware is detected by Sophos as OSX/Jahlav-C.

Sign up to our free newsletter.
Security news, advice, and tips.

The fact that the post was published on Guy Kawasaki’s Twitter account (which has almost 140,000 followers) is particularly worrying. I wonder how many people might have thought it was worth the risk of clicking on the link, if there was a chance of watching a free Leighton Meester sex video.

It’s only a couple of weeks since we reported on other instances of hackers spreading the Jahlav-C Trojan horse via an X-rated lure to Mac users. The worry is that many Mac users are not running any anti-virus protection – something maybe they need to reconsider.

After all, if you really want to watch a sexy video of a celebrity chances are that you probably will be prepared to enter your system password to allow a video codec plugin to install.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.