Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Dump these insecure phone adapters because we’re not fixing them, says Cisco
May 5, 2023
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially ...
- CISA Releases One Industrial Control Systems Advisory
May 4, 2023
CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases One Industrial Control Systems ...
- Not quite an Easter egg: a new family of Trojan subscribers on Google Play
May 4, 2023
Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware often finds its way ...
- China issues report on U.S. CIA’s cyberattacks on other countries
May 4, 2023
China on Thursday released an investigation report revealing an “empire of hackers” of the Central Intelligence Agency (CIA) of the United States, one of the major intelligence agencies of the country’s federal government. Over a long period, the CIA has been secretly orchestrating “peaceful evolution” and “color revolutions” around the world, continuously conducting espionage activities, said ...
- Apple and Google team up to tackle AirTag stalking
May 3, 2023
Apple and Google have teamed up to thwart people who try to track others using devices designed to help find lost keys and luggage. The rival tech giants do not often collaborate on new features for their smartphones, with a joint initiative to create contact tracing software during the pandemic one of few past examples. Read more… Source: ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
May 1, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans Related story: CISA Releases ...

