Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber attack hits Pennsylvania Courts’ website
February 5, 2024
Pennsylvania Courts’ website was targeted in a cyber attack on Sunday. Pennsylvania’s Chief Justice Debra Todd made the announcement, saying portions of the website were made unavailable due to the attack. The situation was described as a denial of service cyber attack. Todd said there was no indication any court data was compromised and courts will ...
- Pakistan: Balochistan decides to ‘restrict’ internet service in ‘sensitive polling booths’
February 5, 2024
The caretaker government in Balochistan has decided to keep the internet service restricted in the sensitive polling booths in certain areas of the province in the lead-up to the February 8 polls amid dire security risks due to a spike in terrorist attacks. Balochistan caretaker Information Minister Jan Achakzai on Sunday night announced the decision, citing ...
- Exploring the (Not So) Secret Code of Black Hunt Ransomware
February 5, 2024
It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black Hunt ransomware wreaked havoc by compromising around 300 companies in ...
- Classified Japanese diplomatic info leaked after Chinese cyberattacks in 2020
February 5, 2024
Classified Japanese diplomatic information was leaked following Chinese cyberattacks on the Foreign Ministry in 2020, a government source said Monday, exposing the nation’s digital vulnerability. Japan detected the large-scale attack and release of diplomatic telegrams during a period of government under then Prime Minister Shinzo Abe, the source said, but the nature of the leaked information ...
- Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
February 3, 2024
Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app used by Airbus pilots was ...
- Philippines: Cyber attack on Overseas Workers Welfare Administration website foiled
February 3, 2024
The Department of Information and Communications Technology (DICT) has prevented a cyber attack aimed at taking down the website of the Overseas Workers Welfare Administration (OWWA). At the Saturday News Forum, DICT Undersecretary for Cybersecurity Jeff Ian Dy said the DICT was able to “defend” various web applications related to OWWA from cyber attacks. The DICT ...

