TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Backdoor Found in Popular Server Management Software used by Hundreds of Companies
August 15, 2017
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. Recently, cyber crooks managed to infiltrate the update mechanism for a popular server management software package and altered it to include an advanced backdoor, which ...
- WannaCrypt victims paid out over $140k in Bitcoin to get files unscrambled
August 3, 2017
More than $140,000 (£105,000) in Bitcoin has been paid out by victims of the global WannaCrypt ransomware outbreak from May. The money was removed from the online wallets at 4am UTC on Thursday. The Bitcoin activity was noticed by a Twitter bot set up by Quartzjournalist Keith Collins. The attack swept across at least 74 countries, and the UK’s ...
- Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users
August 2, 2017
From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of phishing ...
- $39 million cyber heist crooks caught by Omani agency
August 2, 2017
Omani forensic specialists helped track down online crooks who stole $39 million from a government bank, the director of the Internet Technology Agency has revealed. A cyber attack on an Oman bank in 2013 sparked a global manhunt across 24 nations that led to the arrests of seven people in the USA, according to Dr Badr ...
- Virgin America Hacked, Employee Passwords and Personal Information Compromised
July 28, 2017
Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers. While an investigation is already under way, the airline did not provide any specifics about the hackers, saying instead that it’s working with law enforcement ...
- Attack Uses Docker Containers To Hide, Persist, Plant Malware
July 27, 2017
A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher, with Aqua Security. The attack works ...