Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- European diplomats targeted by SPIKEDWINE with WINELOADER
February 27, 2024
Zscaler’s ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024. This PDF file is masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The PDF also included a link to a fake questionnaire that redirects users to a malicious ZIP ...
- Malicious Apple Shortcuts could bypass security features to steal data
February 23, 2024
Apple Shortcuts could be used to steal sensitive data from Apple devices due to a high-severity vulnerability. Shortcuts is an app created by Apple that allows users to create customized task workflows on Apple devices and automate processes using a combination of built-in functions. Custom shortcuts can be exported and shared with other users, and shortcuts ...
- The Building Resilience to Cognitive Warfare Technical Exchange Meeting
February 23, 2024
In September 2023, MITRE hosted a Technical Exchange Meeting (TEM) titled Building Resilience to Cognitive Warfare with participants from MITRE, the Department of Defense, and the Australian Defense Force, whic h focused on securing the cognitive domain, including identifying national-level partnerships and innovation opportunities. This paper explores the emerging importance of cognitive security in the face ...
- Charlotte Cowles’s $50,000 Scam Article, Anyone Can Become a Victim
February 23, 2024
“You must follow my directions very carefully. We do not have much time.” These are some of the words scammers used to influence and ultimately defraud Charlotte Cowles, a financial columnist at New York Magazine, in an elaborate imposter scam that cost Cowles and her family $50,000. In this one line alone, there are two classic ...
- Canada: RCMP confirms ‘alarming’ cyber event targeting its networks
February 23, 2024
The Royal Canadian Mounted Police confirmed to CTV News on Friday that it was dealing with a cyber event that targeted its networks, forcing it to launch a criminal investigation into the breach. “At this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” RCMP media ...
- China’s top anti-espionage authority warns of secret leaks through smart wearable devices
February 23, 2024
China’s top anti-espionage authority warned on Friday that various smart wearable devices may become “cyber spies” used by foreign intelligence agencies to carry out espionage activities, posing a threat to national security. The Ministry of State Security (MSS) said on its official WeChat account on Friday that when smart wearable devices are connected to smartphones via ...

