Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Casio Data Breach Impacts Customers in 149 Countries
October 27, 2023
Japanese electronics colossus Casio Computer Co., Ltd. has suffered a data breach on its ClassPad education platform, impacting customers in 149 countries. A technical failure on October 11, 2023, alerted Casio to the cyber intrusion that culminated in an unauthorized entity accessing the ClassPad development database on October 12, 2023. Casio launched an investigation and confirmed ...
- Police warn Israelis not to answer unknown calls
October 27, 2023
The Israel Police warned citizens on Friday not to answer phone or video calls from numbers they don’t recognize—particularly from abroad—following a surge of suspicious calls reported to authorities. “The purpose of the calls may be to cause panic and harassment and may be part of attempts to take over the WhatsApp accounts,” per a ...
- A cascade of compromise: unveiling Lazarus’ new campaign
October 27, 2023
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems continued to use the flawed software, allowing the threat actor to exploit them. Upon further investigation, ...
- Increasing transparency in AI security
October 26, 2023
New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google’s Secure AI Framework (SAIF) can help chart a path for creating AI applications that users can trust. Today, we’re highlighting two new ways to make information about AI supply ...
- ‘iLeakage’ Attack Can Force Apple Safari To Reveal Passwords
October 26, 2023
A group of academic researchers has developed a speculative execution attack named “iLeakage” that can extract sensitive data, such as passwords and emails, on recent Apple devices via the Safari web browser. iLeakage has been developed by a team of academics from Georgia Tech, the University of Michigan, and Ruhr University Bochum after extensive examination of ...
- Kansas court system down nearly 2 weeks in `security incident’ that has hallmarks of ransomware
October 26, 2023
Kansas officials are calling a massive computer outage that’s kept most of the state’s courts offline for two weeks a “security incident” and, while they have provided no explanation, experts say it has all the hallmarks of a ransomware attack. The disruption has left attorneys unable to search online records and forced them to file motions ...

