Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Growth of ‘hackers for hire’ will lead to more attacks and unpredictable threats, UK cyber security agency warns

    April 19, 2023

    The number of “hackers for hire” is set to grow over the next five years, leading to more cyber attacks and increasingly unpredictable threats, the UK’s cyber security agency has warned. A rise in spyware is also anticipated and other hacking tools, according to a new report by the National Cyber Security Centre (NCSC), which is ...

  • Google patches another actively exploited Chrome zero-day

    April 19, 2023

    Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. “Google is aware that an exploit for CVE-2023-2136 exists in the wild,” reads the security bulletin from the company. Read more… Source: Bleeping Computer  

  • Play ransomware gang uses custom Shadow Volume Copy data-theft tool

    April 19, 2023

    The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks. The two tools enable attackers to enumerate users and computers in compromised networks, gather information about security, backup, and remote administration software, and easily copy files from Volume Shadow ...

  • Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data

    April 18, 2023

    Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), said it hasn’t ...

  • Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

    April 18, 2023

    Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly-targeted phishing campaigns to quickly and successfully access environments of interest. This Mint ...

  • CISA Releases Four Industrial Control Systems Advisories

    April 18, 2023

    CISA released four Industrial Control Systems (ICS) advisories on April 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-108-01 Omron CSCJ Series ICSA-23-108-02 Schneider Electric Easy UPS Online Monitoring Software Read more… Source: U.S. Cybersecurity ...