Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New SnailLoad side-channel attack detailed
June 25, 2024
SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique. Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious ...
- LockBit hackers claim to have cracked the US Federal Reserve
June 25, 2024
The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...
- UK and US cops band together to tackle Qilin’s ransomware shakedowns
June 25, 2024
UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry. In early June, the notorious Russia-based crew attacked Synnovis, which provides pathology services to National Health Service’s London hospitals. The digital intrusion has led to the cancellation or postponement of surgeries for thousands ...
- Indonesian government says national data center was hit in ransomware attack – but it won’t pay up
June 25, 2024
The government of Indonesia has suffered a ransomware attack that crippled many of its organizations and caused quite a nuisance for its citizens – but says it won’t be held to ransom. Government officials confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, with ...
- Stopping Chinese cyberattacks is officially now the biggest priority for US security forces
June 25, 2024
The US Department of Homeland Security (DHS) has shuffled its priorities to place battling the “cyber and other threats posed by the People’s Republic of China” at the top of the list, at least until the end of 2025. China has been conducting numerous cyber attacks against US infrastructure, particularly focussing on internet-facing endpoints within water ...
- Chinese hackers have stepped up attacks on Taiwanese organizations
June 24, 2024
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future. RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded ...

