Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Singaporean businesses targeted by Akira ransomware
June 10, 2024
Akira – a ransomware hacker group -that extorted $42 million from over 250 organizations across North America, Europe, and Australia within a year, is now actively targeting businesses in Singapore, according to a joint advisory issued by Singaporean authorities. The Cyber Security Agency of Singapore (CSA), the Singapore Police Force, and the Personal Data Protection Commission ...
- Bypassing 2FA with phishing and OTP bots
June 10, 2024
Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today’s websites offer some form of it, and some of them won’t even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types of organizations to protect users’ accounts ...
- Major data breach at Philippines Agricultural Credit Policy Council (ACPC) exposes sensitive information
June 9, 2024
The Agricultural Credit Policy Council (ACPC) has been hacked, exposing sensitive data and raising concerns about government agency security. Ph1ns, a hacker who gained unauthorized access to the ACPC’s internal systems, revealed the breach. The hacker was also responsible for several hack attacks on government agencies, including the DOST and the PNP. Read more… Source: Manila Bulletin Sign up ...
- New Agent Tesla Campaign Targeting Spanish-Speaking People
June 7, 2024
A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Security researchers have detected Agent Tesla campaigns from time to time for years. Agent Tesla is a well-known .Net-based Remote Access Trojan (RAT) designed to stealthily infiltrate victim’s computers and steal their sensitive information, such ...
- Frontier Communications: 750k people’s data stolen in April attack on systems
June 7, 2024
Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing. Lawyers representing the major US telco told the Office of the Maine Attorney General that data belonging to 751,895 people was stolen. The data types impacted, according to the filing, are limited to names ...
- Telangana Police hit by second major data breach in a week as TSCOP App compromised
June 7, 2024
Just a week after the hacking incident involving Telangana police’s HawkEye app, another app, TSCOP, has been compromised as well. As a result, policerelated data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is behind this security lapse. The TSCOP app user data is being sold online ...

