TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Mastermind behind EUR 1 billion cyber bank robbery arrested in Spain
March 26, 2018
The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over a 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies. Since ...
- A Closer Look at APT Group Sofacy’s Latest Targets
March 23, 2018
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang. Research shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti. Baumgartner, a researcher with Kaspersky Lab’s Global Research and Analysis Team, presented his ...
- Website of Russian MoD Hit by DDoS Attacks From Western Europe, North America
March 22, 2018
The Russian Defense Ministry said a total of 7 denial-of-service (DDoS) attacks were carried out against its website on Thursday during the final vote on the names of new types of weaponry. “The site of the Russian Defense Ministry during the final vote for the names of the newest domestic weapons was subjected to a massive DDoS attack,” the ministry stated. The ...
- Old banking Trojan TrickBot has been taught new tricks
March 22, 2018
The TrickBot Trojan has been upgraded with new modules to make detection, and defense, more difficult. First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks. The Trojan is most commonly connected to phishing campaigns which trick users into entering their credentials into phishing and fraudulent banking websites, designed to appear as legitimate ...
- Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
March 21, 2018
Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home routers. Through our incident response-related monitoring, we observed intrusion attempts whose indicators we’ve been able to ...
- ManageEngine zero-day vulnerabilities impact three out of five Fortune 500’s
March 21, 2018
Severe zero-day vulnerabilities have been discovered in ManageEngine products used by a substantial number of Fortune 500 companies. On Wednesday, researchers from Digital Defense disclosed the bugs, discovered by the firm’s Vulnerability Research Team (VRT). In a security advisory, the team said that six previously unknown vulnerabilities impact three ManageEngine products, Logs360, EventLog Analyzer and Applications Manager. Read more… Source: ZDNet