Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New ransomware-as-a-service caters to cybercriminals with commercial expansion

    November 23, 2023

    New evidence suggests that the popular Play ransomware is now being rented out to cybercriminals. Known as ransomware-as-a-service (RaaS), cybercriminals can pay to use the malware itself alongside the infrastructure needed to pull off an attack.This is a relatively new phenomenon and can provide a steady stream of revenue for malicious cyber gangs. Read more… Source: MSN News  

  • Q3 2023 in Review: DDoS Attacks Report by StormWall

    November 23, 2023

    StormWall researchers observed that attacks have grown by 43% compared to Q3 2022. Over the past quarter, and according to the analysis conducted by the team, there have been three main trends affecting the surge in DDoS attacks: The number of multi-vector attacks has increased There’s been a significant spike in attacks that target multiple protocols or ...

  • Israel-Hamas war spotlight: Shaking the rust off SysJoker

    November 23, 2023

    Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats. Among those, some new variants of the SysJoker malware, including one coded in Rust, recently caught our attention. Check Point assessment is that these were used in targeted attacks ...

  • HrServ – Previously unknown web shell used in APT attack

    November 22, 2023

    In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Kaspersky analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between ...

  • Diamond Sleet supply chain compromise distributes a modified CyberLink installer

    November 22, 2023

    Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, ...

  • Türkiye’s MIT saves Palestinian Iron Dome hacker from Mossad hit

    November 22, 2023

    Türkiye’s National Intelligence Organization (MIT) saved Omar A. from possible death or abduction in an international operation and offered him protection as the renowned Palestinian hacker was targeted by Mossad in Türkiye and Malaysia. The young man credited with hacking into Israel’s notorious Iron Dome air defense system was sought by Israel for a long time. ...