TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Deceased Patient Data Being Sold on Dark Web
July 11, 2018
Why are hackers selling medical records of deceased patients? It is no shocker medical records are a prime target for cybercriminals. But less intuitive is the market for medical records of the deceased on the dark web. We took a closer look at the reason behind this strange trend. Here is what we found. First off, despite ...
- China-based hackers take an interest in Cambodia’s elections
July 11, 2018
A US-based security researcher has accused China of interfering in Cambodia’s forthcoming national election. Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll. FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations. The FireEye post ...
- Cyber attacks are now a matter of when not if for UK businesses
July 2, 2018
For a growing number of UK companies, being hit by a cyber breach is not a matter of ‘if’ – it’s a matter of ‘when’. This is according to a new report by KPMG based on a poll of 150 UK leaders. When compared to the rest of the world, though, the UK is performing well, as according to ...
- Hotels, airlines and travel sites battle bot attacks
June 27, 2018
Hotels, airlines, cruises and travel sites are under siege from crooks using fake or stolen account details to try to access accounts. Hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets to deliver attacks at industrial scale, according to research by Akamai. Read more… Source: ZDNet
- Thanatos ransomware: Free decryption tool released for destructive file-locking malware
June 27, 2018
Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating ...
- Up to 40,000 British Ticketmaster users may have had their personal and payment details stolen by hackers
June 27, 2018
Ticketmaster UK have admitted British customers may have had their credit card data stolen in a security breach that could have affected up to 40,000 people. The company says it ‘identified malicious software’ on a third party product on Saturday, but did not reveal the breach until today. The firm said it disabled the software as soon ...