Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Chinese researchers break RSA encryption with a quantum computer

    October 14, 2024

    The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA. In a potentially alarming development for global cybersecurity, Chinese researchers have unveiled a method using D-Wave’s quantum annealing systems to crack classic encryption, potentially ...

  • Pokémon hack exposes future games, beta designs and more

    October 14, 2024

    Pokémon developer Game Freak has confirmed its servers were hacked in August. The breach meant internal materials — from source codes to early and even scrapped character designs — were circulating on social media over the weekend. Leaked documents and images flooded Reddit and X after Centro Leaks began dumping it all on Saturday afternoon. It ...

  • Over 77,000 customers’ personal information is exposed in Fidelity Investments data breach

    October 12, 2024

    Fidelity Investments reported in a filing with Maine’s attorney general that an unnamed third party accessed information from its systems using two recently established customer accounts. It did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers. The breach occurred between Aug. 17 and 19 ...

  • Critical Veeam Backup & Replication Vulnerability Under Active Exploitation

    October 11, 2024

    Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local Administrator accounts to facilitate further objectives on compromised networks. Reports warn of exploitation attempts since shortly after official disclosure by Veeam. Enterprise backup and disaster recovery applications are valuable ...

  • CoreWarrior Spreader Malware Surge

    October 11, 2024

    This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle The malware ...

  • Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

    October 11, 2024

    Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of the investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...