Malwarebytes Labs researchers uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans.
The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them. In this blog post, Malwarebytes Labs expose the techniques behind this scam and provide mitigation steps to stay away from them.
Read more…
Source: Malwarebytes Labs
Related:
- Fake ChatGPT download site infects Windows and Mac users with malware
May 28, 2026
A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openewapp, closely mimics OpenAI’s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive a ...
- Supply Chain Compromises Impact Nx Console and GitHub Repositories
May 28, 2026
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and ...
- Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
May 28, 2026
Carnival Corporation – the world’s largest cruise operator – has confirmed a digital heist, a month after hacking crew ShinyHunters claimed to have stolen millions of customers’ records. The breach, Carnival confirmed, stemmed from an April 14 social engineering attack on an employee, though the company declined to comment on the scale or name ShinyHunters. Read more… Source: ...
- Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup
May 27, 2026
The FBI is issuing this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup. A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious ...
- UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us
May 27, 2026
A website called UK Visa Portal publicly exposed thousands of passports and selfie photos of applicants who paid the site to obtain a U.K. immigration visa. An anonymous person notified TechCrunch about the security lapse, saying that the website was exposing at least 100,000 documents from people who uploaded their passports and selfies to the website ...
- Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks
May 26, 2026
A critical-severity vulnerability that reportedly was patched three months ago is being exploited in a massive ClickFix campaign, researchers have claimed. In mid-February 2026, a critical SQL injection vulnerability was found in Ghost CMS, a popular open-source Content Management System (CMS) currently used by more than 57,000 websites, including the likes of 404 Media, The Canadian ...