Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Kaspersky uncovers APT campaign targeting APAC government entities

    October 17, 2023

    Kaspersky researchers have discovered a persistent campaign compromising a specific type of secure USB drive used to provide encryption for safe data storage. Dubbed “TetrisPhantom,” this espionage effort targets government entities in the Asia-Pacific region (APAC), and shows no discernible overlap with any known threat actor. These and other findings are detailed in Kaspersky’s new ...

  • Urgent global response needed for “insidious” cybercrime – Interpol

    October 16, 2023

    SINGAPORE – New types of cybercrime are emerging all the time. Manipulative and well-organized cybercriminals are exploiting digital technologies to tailor their attacks and target weaknesses in online systems, networks and infrastructures. The complex and borderless nature of cybercrime is compounded by the involvement of transnational organized crime groups, underlining the need to mount an ...

  • Thailand: House of Representatives’ Website Hacked, Cyber Attack Investigation Underway

    October 16, 2023

    The House of Representatives’ website fell victim to a cyber attack on Sunday, October 15, 2023. The hackers, who go by the name 3MUSKETEERZ, managed to breach the website’s security and display a picture of a troll in the photo journal section. Additionally, the perpetrators altered the press releases and committee schedules featured on the site. ...

  • Understanding DNS Tunneling Traffic in the Wild

    October 13, 2023

    Palo Alto Unit 42 researchers present a study on why and how domain name system (DNS) tunneling techniques are used in the wild. Motivated by their findings, they present a system to automatically attribute tunneling domains to tools and campaigns. Attackers adopt DNS tunneling techniques to bypass security policies in enterprise networks because most enterprises ...

  • curl SOCKS5 heap overflow vulnerability

    October 13, 2023

    Client URL, or curl, and its library version libcurl are one of the most popular and integrated command line tools for data transfer. They support a wide range of protocols such as HTTP, HTTPS, SMTP and FTP and enable the user to make requests to a URL while handling all standard components of requests such ...

  • Cyber attack targets Medical Aid for Palestinians’ website amid Israel-Hamas conflict

    October 13, 2023

    In the midst of the ongoing conflict between Israel and Hamas, the Medical Aid for Palestinians organisation has reported a cyber attack on their website, which has disrupted their relief efforts for Gaza. They have also issued a warning that their website may go offline due to these disruptions. Taking to X (formerly Twitter), they posted ...