Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Filch Stealer: A new infostealer leveraging old techniques

    June 16, 2025

    In recent weeks, Rapid7 has observed an increased volume of incidents involving domains generated by domain generation algorithms (DGAs). DGAs are a known technique leveraged by malware authors to quickly create a large number of domain names, which will point to command and control (C2) servers operated by the attackers. Observed domains shared multiple commonalities such ...

  • Europe-wide takedown hits longest-standing dark web drug market

    June 16, 2025

    Law enforcement authorities across Europe have dismantled ‘Archetyp Market’, the most enduring dark web marketplace, following a large-scale operation involving six countries, supported by Europol and Eurojust. Between 11 and 13 June, a series of coordinated actions took place across Germany, the Netherlands, Romania, Spain, Sweden, targeting the platform’s administrator, moderators, key vendors, and technical infrastructure. ...

  • WestJet investigating possible cyberattack

    June 16, 2025

    WestJet has apparently suffered a cyberattack which has disrupted some of its services, including impacting the airline’s website and mobile app. The company confirmed the news in a security advisory posted on its website, noting, “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users.” ...

  • Hackers take aim at Washington Post journalists in an apparent ‘targeted’ cyberattack

    June 15, 2025

    Hackers have tried to break into the email accounts of a select number of Washington Post journalists, according to an internal Washington Post memo obtained by CNN. The Post discovered the “possible targeted” hack of its email system last Thursday, prompting the newspaper to reset login credentials for all its employees on Friday, Washington Post Executive ...

  • Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper

    June 13, 2025

    A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery. Given its brief history and use of a multi-layered extortion model, Anubis has all ...

  • Mitel Releases Security Advisory for MiCollab

    June 13, 2025

    Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams. The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow ...