TrendAI™ Research tracked a sustained malvertising campaign that abused Google Ads to deliver ClickFix social engineering attacks disguised as popular AI developer tools. The campaign impersonated at least six legitimate brand names, including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, Claude AI, and claude.ai, and simultaneously ran Mac utility scam lures.
By leveraging paid search ads targeting users actively seeking AI development tools, the attackers were able to target technically proficient users who are more likely to interact with command-line instructions without suspicion. This marks a sophisticated evolution of the ClickFix social engineering technique, where victims are tricked into manually executing malicious commands, typically by copying and pasting PowerShell or terminal commands under the guise of “fixing” a problem or completing a software installation.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Finance firms to spend more on security as concern over cyber crime soars
April 5, 2017
Over 80pc of financial services firms plan to pump cash into cybersecurity this year, almost double that of last year as fears over cyber attacks swell. Corporate adviser Duff & Phelps, which analysed 200 executives in Europe, Hong Kong and the US, said 86pc of financial services firms intend to spend more time and money on cybersecurity this year. That’s a significant increase on last year, ...
- Lazarus APT Spinoff Linked to Banking Hacks
April 3, 2017
The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted ...
- New Mirai Variant Carries Out 54-Hour DDoS Attacks
March 30, 2017
A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. The IoT botnet behind the DDoS attacks ...
- Ghana to set up national cyber security council
March 30, 2017
Ghana is to establish a national cyber security council to tackle the increasing rate of cyber crime in the country. The initiative is part of the government’s effort to build a comprehensive cyber security governance arrangement involving all key public and private sector stakeholders. The National Cyber Security Council will be an independent advisory body made ...
- New Clues Surface on Shamoon 2’s Destructive Behavior
March 27, 2017
Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate tools, such as the open source utility PAExec, and ...
- Indian Startup Develops a Next-Gen Cybersecurity Solution on the Blockchain
March 26, 2017
A new innovative prototype startup powered by blockchain technology for cybersecurity has recently launched in India aimed at curbing the global phenomenon of cybercrime. Mumbai-based Block Armour was thought up by Narayan Neelakantan, former CISO and Head of IT Risk and Compliance with India’s National Stock Exchange (NSE) and Floyd DCosta, who has a background in ...