TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
August 6, 2018
According to a new report, three United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle ...
- DOJ Nab Three FIN7 Cybercrime Suspects in Europe
August 1, 2018
Three people believed to be member of the FIN7 (or Carbanak) hacking group have been arrested in Europe, according to the US DOJ. Three suspected members of the FIN7 cybercrime group have been arrested in Europe and accused of hacking more than 120 U.S.-based companies with the intent of stealing bank cards. In total, U.S. Department of ...
- Ransomware Attack Cripples Cosco Shipping Network – Report
July 26, 2018
A shipping giant is likely to run up in millions of dollars of additional costs after a ransomware attack apparently crippled its US network. The attack was against COSCO (China Ocean Shipping Company), which is a Chinese owned shipping giant. It comes after its larger shipping rival Maersk admitted in August 2017 that its operations had been impacted by ...
- Hackers Breach Virginia Bank, Make Off With Millions
July 25, 2018
Hackers have compromised a bank in the United States twice in the past eight months and made off with millions of dollars. But the cyber attacks has resulted in a spat between the bank and its insurer provider which is refusing to fully cover the losses. The incident is a salient reminder of the online threat being ...
- Emotet Malware Evolves Beyond Banking to Threat Delivery Service
July 24, 2018
The Emotet trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July. And while the tricky Emotet malware first emerged targeting banking credentials, lately researchers have spotted the trojan ...
- Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
July 20, 2018
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...