Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Rapid7 Observed Exploitation of Atlassian Confluence CVE-2023-22518

    November 6, 2023

    As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment. We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server. Atlassian published an advisory for the vulnerability ...

  • Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors

    November 6, 2023

    Unit 42 researchers have investigated a series of destructive cyberattacks beginning in January 2023 and continuing as recently as October 2023, targeting the education and technology sectors in Israel. The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. Once the attackers stole the information, they ...

  • Online store exposed millions of Chinese citizen IDs

    November 6, 2023

    A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas. The database contained more than ...

  • New Report On Suffolk County Cyber Attack Raises Questions

    November 6, 2023

    The former IT commissioner for the Suffolk County Clerk’s department did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, the Press has learned. The Center for Internet Security (CIS) sent an email at 3 a.m. on Sept. 8, ...

  • US sanctions Russian accused of laundering Ryuk ransomware funds

    November 6, 2023

    The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars’ worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova, 37, is accused of using virtual currency exchange transfers and ...

  • Infosys subsidiary hit by cyber security attack

    November 3, 2023

    Infosys announced on Friday, November 3, that its US unit, Infosys McCamish Systems, was impacted by a cyber security event, resulting in the non-availability of certain applications and systems. The IT services major said it is working with a cyber security company to resolve the issue and that it had launched an investigation to identify the ...