Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • In-Depth Analysis of an Obfuscated Web Shell Script

    July 26, 2025

    This analysis is a follow-up to the investigation titled ‘Intrusion into Middle East Critical National Infrastructure’, conducted by the FortiGuard Incident Response Team (FGIR), which investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East. The report revealed that threat actors had installed numerous web shell servers on the compromised system. In ...

  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack

    July 26, 2025

    U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach. “On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based ...

  • Dating safety app Tea breached, exposing 72,000 user images

    July 26, 2025

    Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images. That number includes 13,000 selfies and photo IDs submitted for account verification, as well as 59,000 images from posts, comments, and direct messages, the company ...

  • Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful

    July 25, 2025

    Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus far in 2025 based on Unit 42 incident response insights. Unit 42 researchers share defensive recommendations ...

  • ToolShell: a story of five vulnerabilities in Microsoft SharePoint

    July 25, 2025

    On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were performed using an exploit chain of two vulnerabilities: CVE-2025-49704 and CVE-2025-49706, publicly named “ToolShell”. Additionally, ...

  • Mitel Releases Security Advisories for MiVoice MX-One and MiCollab

    July 24, 2025

    Mitel has released security advisories to address vulnerabilities in Mitel MiVoice MX-ONE and MiCollab, which are cloud-based platforms that help manage business communications. The critical vulnerability, which has no CVE identifier at the time of publishing this Cyber Alert, affects Mitel MiVoice MX-One and is an authentication bypass vulnerability with a CVSSv3 score of 9.4. Successful ...