TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bermuda cyber hack: Offshore law firm data hack leaves super-rich bracing for financial details to be released
October 25, 2017
A leading offshore law firm with clients including the super-rich and international corporations has revealed it suffered a “data security incident” that may result in customers’ private information being leaked. Bermuda-based Appleby, which has offices in a number of British overseas territories, said some of its data had been “compromised” in the 2016 cyber incident. The firm ...
- Millions of Networks Compromised by New Reaper Botnet
October 24, 2017
A new and growing botnet called Reaper or Troop (detected by Trend Micro as ELF_IOTREAPER.A) has been found currently affecting more than one million organizations. According to the security researchers from Check Point and Qihoo 360 Netlab, the botnet they discovered is more sophisticated and potentially more damaging than Mirai. Reaper actually uses some of the code from ...
- Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
October 24, 2017
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed “Bad Rabbit,” is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock ...
- Dark web vendors are selling remote access to corporate PCs for as little as $3
October 24, 2017
Dark Web marketplaces are selling remote access to desktop PCs for as little as $3, allowing criminals to spy on firms without resorting to malware. The sale of remote access credentials is allowing attackers to steal data from organisations in healthcare, education, government, retail, and other sectors. In Window PCs, Microsoft’s Remote Desktop Protocol (RDP) allows individuals ...
- Latest Sofacy Campaign Targeting Security Researchers
October 23, 2017
Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also known as Fancy Bear and APT 28 among other names, using a decoy document related to the CyCon ...
- Hackers race to use Flash exploit before vulnerable systems are patched
October 20, 2017
Hackers are rushing to exploit a zero-day Flash vulnerability to plant surveillance software before organisations have time to update their systems to patch the weakness. Uncovered by researchers at Kaspersky Lab on Monday, the CVE-2017-11292 Adobe Flash vulnerability allows attackers to deploy a vulnerability which can lead to code execution on Windows, Mac, Linux, and Chrome OS systems. The exploit enables ...