Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
August 29, 2024
Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. ...
- Spain’s Alcampo Acts Quickly To Mitigate Impact Of Cyber Attack
August 29, 2024
Spanish retailer Alcampo has reportedly suffered a cyber attack, however the group told local media that it acted quickly to mitigate its effects. The retailer experienced the cyber attack between Sunday 25 August and Monday 26 August, according to media reports, and upon discovery of the incident, engaged data protection experts to implement the necessary technical, ...
- Deep Analysis of Snake Keylogger’s New Variant
August 28, 2024
Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...
- Fortra Releases Security Advisories for FileCatalyst Workflow
August 28, 2024
Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated ...
- UK: Staff details stolen in poultry factory cyber attack
August 28, 2024
Staff at a poultry factory in Norfolk have had their personal details stolen in a cyber attack. Banham Poultry, based in Attleborough, said criminals had remotely accessed its system in the early hours of 18 August. In an email sent to staff, seen by the BBC, the company said information such as National Insurance numbers, copies ...
- Interpol busts Black Axe global crime network, arrest over 300
August 28, 2024
The International Criminal Police Organisation (INTERPOL) Police units had in a coordinated action in 21 countries between April and July 2024 arrested over 300 people with links to Nigerian criminal group Black Axe and other affiliated groups. In a statement, Interpol said operation “Operation Jackal III” led to hundreds of arrests, the seizure of assets worth ...

