Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Exploited Vulnerability in Multiple Fortinet Products

    October 10, 2024

    Fortinet has released a security advisory to address a critical vulnerability in the FortiOS fgfmd daemon. CVE-2024-23113 is a ‘use of externally-controlled format string’ vulnerability with a CVSSv3 score of 9.8. A remote unauthenticated attacker could send specially crafted requests to execute arbitrary code (ACE) or commands. Affected organisations are encouraged to review Fortinet PSIRT Advisory ...

  • RDDoS Attack: What to Do if Hackers Demand a Ransom

    October 10, 2024

    DDoS attacks have evolved from simple disruptions into serious threats, with cybercriminals using them to demand ransoms and fill their cryptocurrency wallets. These attackers often operate like modern-day mafiosi, issuing threats and demanding payments. Pay up, or face two outcomes: either the attacks will start, or they simply won’t stop. In this article, StormWall researchers will ...

  • FBI: Update on SVR Cyber Operations and Vulnerability Exploitation

    October 10, 2024

    The Federal Bureau of Investigation (FBI) and pertners are releasing this joint Cybersecurity Advisory (CSA) to highlight the tactics, techniques, and procedures (TTPs) employed by the Russian Federation’s Foreign Intelligence Service (SVR) in recent cyber operations and provide network defenders with information to help counter SVR cyber threats. Since at least 2021, Russian SVR cyber actors ...

  • Lynx Ransomware: A Rebranding of INC Ransomware

    October 10, 2024

    In July 2024, researchers from Palo Alto Networks discovered a successor to INC ransomware named Lynx. Since its emergence, the group behind this ransomware has actively targeted organizations in various sectors such as retail, real estate, architecture, and financial and environmental services in the U.S. and UK. Lynx ransomware shares a significant portion of its source ...

  • API Security Exposed: The Role of API Vulnerabilities in Real-World Data Breaches

    October 10, 2024

    This Trend Micro research discusses real-world API vulnerabilities and shows the risks companies face every day. We start our journey with two popular API gateways: APISIX and Kong. The researchers found over 600 APISIX instances and hundreds of thousands of Kong gateways accessible online. Each one is a door waiting for attackers to knock. However, the ...

  • European government systems hit by air-gap malware attack

    October 9, 2024

    In the last five years, hackers managed to steal sensitive information from air-gapped systems belonging to different European governments on at least three separate occasions. An air-gapped system is a computer or network that is physically isolated from unsecured networks, such as the internet, to prevent unauthorized access and enhance security. Still, crooks managed to steal ...