TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Two New Platforms Found Offering Cybercrime-as-a-Service to ‘Wannabe Hackers’
July 14, 2017
Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In past few years, we have witnessed the increase in ...
- Hackers Attack Trump Hotels, Steal Credit Card Details and Personal Data
July 12, 2017
Hackers breached the systems used by 14 different Trump Hotels properties between August 10, 2016 and March 9, 2017, managing to steal sensitive information like guests’ credit card details and other personal information. In a 9-page notification published on the official page, Trump Hotels informs customers that hackers managed to breach the systems of Sabre Hospitality ...
- Duma passes bill on protection of Russian state data networks
July 12, 2017
Russia’s lower house has approved a bill that defines which of the country’s informational infrastructure is to be considered critical, while setting a maximum sentence of 10 years imprisonment for hackers that attack it. In the final draft of the bill published on the State Duma’s website, critical informational infrastructure is defined as data systems and ...
- After Windows and Android, Operation Emmental Starts Targeting Apple Users
July 11, 2017
Security experts have discovered new malware that is specifically aimed at Apple customers, after previously targeting users running Windows and Android on their devices. Believed to be part of Operation Emmental, which was first spotted in 2012, the new malware is called Dok and is primarily targeting customers of Swiss banks, according to an in-depth analysis ...
- Private Decryption Key For Original Petya Ransomware Released
July 7, 2017
Rejoice Petya-infected victims! The master key for the original version of the Petya ransomware has been released by its creator, allowing Petya-infected victims to recover their encrypted files without paying any ransom money. But wait, Petya is not NotPetya. Do not confuse Petya ransomware with the latest destructive NotPetya ransomware (also known as ExPetr and Eternal Petya) attacks ...
- MCMC probing cyber attacks on online trading platforms
July 7, 2017
The Malaysian Communications and Multimedia Commission (MCMC) is looking into reports of suspected cyber attacks disrupting online trading at several local brokerages. The regulator said it was assisting the stock exchange in investigating the disruption, a report by Nikkei Markets said on Friday. This comes after several brokerages alerted clients that their online broking services had been ...