Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ransomware payments drop to record low, even as attacks surge

    February 27, 2026

    Ransomware groups have never been this active, but have also never extorted this little money, new research has claimed. Market analysts Chainalysis found the number of ransomware incidents in 2025 rose by 50% compared to the previous year, earning criminals $820 million – although this number may still rise as more incidents are attributed to ransomware ...

  • CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

    February 25, 2026

      CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Sign up for the ...

  • Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign

    February 25, 2026

    Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has ...

  • North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware

    February 24, 2026

    North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters. The US healthcare attempt failed, while the Middle East organization was ...

  • Fake Zoom meeting “update” silently installs surveillance software

    February 24, 2026

    A fake Zoom meeting website is silently pushing surveillance software onto Windows machines. Visitors land on a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer—without asking for permission. The software being installed is a covert build of Teramind, a commercial monitoring tool companies use to record ...

  • Russian hackers target European firms with new spear-phishing cyberattacks

    February 24, 2026

    APT28, the infamous Russian state-sponsored hacking group also known as Fancy Bear, or Sofacy, has been observed targeting “specific entities” in Western and Central Europe with infostealers. In a newly released report, security researchers Lab52 from S2 Grupo detailed “Operation MacroMaze”, which has been ongoing since at least late September 2025 through January 2026. The campaign ...