Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ransomware Attack Hits Ship-Tracking Firm Royal Dirkzwager

    March 22, 2023

    A team of ransomware hackers have published proprietary inside data allegedly obtained the Dutch shipping intelligence agency Royal Dirkzwager, according to cybsersecurity trade press. The leak purportedly include employee passports, contracts and other sensitive information. The hackers claim to have more data that is yet to be released, reports Security Week. Read more… Source: The Maritime Executive  

  • Understanding Cyber Threats in Transport

    March 21, 2023

    This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022. The report brings new insights into the cyber threats of the transport sector. In addition to the identification of prime threats and the analysis of incidents, the report includes an ...

  • China used stolen data to expose CIA operatives in Africa and Europe

    March 21, 2023

    Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence, according to three former U.S. officials. The surveillance by Chinese operatives began in some cases as soon as the CIA officers had cleared passport control. Read ...

  • Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen

    March 21, 2023

    The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site. The cyber security incident is among Clop’s ongoing attacks against vulnerable GoAnywhere MFT servers belonging to established enterprises. Although the company states no real customer data is impacted, it did not address if corporate or employee data was stolen. Read ...

  • Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022

    March 20, 2023

    Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products. Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices. Read more… Source: Bleeping Computer  

  • New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks

    March 19, 2023

    A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm with the potential for massive attacks. The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, seen ...