Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Europol publishes IOCTA spotlight report on online fraud schemes

    December 19, 2023

    Europol’s spotlight report on online fraud highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public institutions. Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false ...

  • Xfinity discloses a data breach but doesn’t say how many users are affected

    December 18, 2023

    Xfinity is notifying customers of a “data security incident” it says resulted in the theft of customer information, including usernames, passwords, contact information, and more. In a notice on Monday, Xfinity says “there was unauthorized access” to its systems from October 16th to October 19th, 2023. Xfinity traces the breach to a security vulnerability disclosed by ...

  • Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability

    December 18, 2023

    CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can access, upload, or modify important files, steal sensitive information, disrupt critical services, or move laterally on ...

  • #StopRansomware: Play Ransomware

    December 18, 2023

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations as recently as October 2023. Since June 2022, the Play (also known as Playcrypt) ransomware group ...

  • MongoDB, North Face owner VF Corp and Mr. Cooper fall victim to cyberattacks

    December 18, 2023

    It has been a busy few days on the cybersecurity front as three notable companies confirmed hacks over the last two days: MongoDB Inc., North Face and Vans owner VF Corp., and mortgage broker Mr. Cooper Group Inc. The first hack, that of MongoDB, was confirmed over the weekend and involved its corporate systems being breached ...

  • Israeli-linked hacker group behind major cyber-attack on Iran’s petrol stations

    December 18, 2023

    An Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70 per cent of them offline on Monday. Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region. “This cyber attack was ...