Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google saves your conversations with Gemini for years by default
February 8, 2024
Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in which it collects data from users of its Gemini chatbot apps for the web, Android and ...
- Data of 33 million people in France stolen in its largest ever cyberattack
February 8, 2024
Over 33 million people in France – nearly half of its population – have been impacted by the country’s biggest-ever cyberattack. Two French service providers for medical insurance companies were targetted, with the companies admitting that millions of people’s data were exposed to the hackers. Read more… Source: MSN News
- Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store
February 7, 2024
LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal ...
- Cyber-hacking victims ‘paid out record $1.1bn in ransoms last year‘
February 7, 2024
Ransomware gangs staged a “major comeback” last year, according to research, with victims of hacking attacks paying out a record $1.1bn to assailants. Cyber criminals stepped up their global operations in 2023 after a lull in 2022, with victims including hospitals, schools and major corporations. Payments to criminal gangs in the wake of attacks doubled compared ...
- Surprising 3 Million Hacked Toothbrushes Story Goes Viral – Is It True?
February 7, 2024
A news story about the hacking of three million smart toothbrushes to create a massive botnet used to launch a distributed denial of service cyberattack against a Swiss organization has gone viral. However, many in the information security industry, including the author, have trouble finding evidence to support the story. Searching Google reveals that everything from ...
- Every tenth Russian faced cybercriminals in 2023 – Bank of Russia
February 7, 2024
Every tenth Russian respondent experienced cybercrime, with losses not exceeding 20,000 rubles (around $220), according to the published results of a survey conducted by the Bank of Russia in 2023. “Last year, there were more people who faced cybercriminals, with every tenth person becoming a victim. Typically, the loss was less than 20,000 rubles. Victims usually ...

