Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

    July 8, 2025

    Unit 42 researchers uncovered a campaign by an initial access broker (IAB) to exploit leaked Machine Keys — cryptographic keys used on ASP.NET sites — to gain access to targeted organizations. IABs breach organizations and then sell that access to other threat actors. This report analyzes the tools used in these attacks. Palo Alto track this ...

  • Impostor uses AI to impersonate Rubio and contact foreign and US officials

    July 8, 2025

    The State Department is warning U.S. diplomats of attempts to impersonate Secretary of State Marco Rubio and possibly other officials using technology driven by artificial intelligence, according to two senior officials and a cable sent last week to all embassies and consulates. The warning came after the department discovered that an impostor posing as Rubio had ...

  • NFC fraud threatens Philippines digital payments security

    July 8, 2025

    As contactless payments and digital wallets grow quickly in the Philippines, cyber-criminals are now targeting the country by abusing Near Field Communication (NFC) technologies. Resecurity, a global leader in cyber threat intelligence, issued a stark warning, urging Philippine regulators and financial institutions to heighten their defenses amid an alarming increase in NFC-enabled fraud, particularly from ...

  • Batavia spyware steals data from Russian organizations

    July 7, 2025

    Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe (translation: contract, attachment) among employees at various Russian organizations. The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract. The campaign began in July 2024 and ...

  • BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

    July 7, 2025

    In April, a new ransomware group known as BERT, has been observed targeting organizations across Asia and Europe. TrendResearch telemetry has confirmed the emergence and activity of this ransomware. This blog entry examines BERT’s tools and tactics across multiple variants. By comparing its different iterations, we unpack how the ransomware group operates, how their methods have ...

  • NordDragonScan: Quiet Data-Harvester on Windows

    July 7, 2025

    FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments. Once installed, NordDragonScan examines the host and copies documents, harvests entire Chrome and Firefox profiles, and takes screenshots. The package is then sent over TLS to its command-and-control server, “kpuszkiev.com,” which also serves ...