TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By buying paid search ads aimed at people actively seeking AI development tools, the attackers reached technically proficient users who are more likely to follow command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, in which victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Source: Trend Micro

