TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen
July 20, 2018
Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics. According to an advisory released by Singapore’s Ministry ...
- Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch
July 20, 2018
Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router. PIR Bank was looted by the notorious MoneyTaker hacking group, according to Group-IB, the Moscow-based security firm called in by the bank to handle incident response. Funds were stolen on 3 July through the Russian Central Bank’s Automated ...
- Indictments Against 12 Russians Show How Hackers Were Hacked
July 18, 2018
Hi everybody, Jordan Robertson here. I cover cybersecurity in Washington, D.C. Today’s newsletter is about Special Counsel Robert Mueller’s indictment this week of 12 Russian military officers for allegedly orchestrating the hacks of the 2016 U.S. presidential election. The indictment, which I encourage you to read if you’re interested in technical details about how the hacks worked, is remarkable in a number ...
- DDoS Attacks Get Bigger, Smarter and More Diverse
July 17, 2018
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...
- 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat
July 12, 2018
Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat. The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the ...
- Ticketmaster breach ‘part of massive card-skimming campaign’
July 12, 2018
The Ticketmaster breach was not a one-off, but part of a massive digital credit card-skimming campaign. Threat intel firm RiskIQ reckons the hacking group Magecart hit Ticketmaster only as part of a massive credit card card hacking campaign affecting more than 800 ecommerce sites. Magecart has evolved tactically from hacking sites directly, to targeting widely used third-party ...