Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

    February 17, 2026

    In April 2025, Kaspersky reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect any app on the device. This allowed ...

  • China remains embedded in US energy networks ‘for the purpose of taking it down’

    February 17, 2026

    Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew – Volt Typhoon – continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos’ annual threat report published on Tuesday. Dragos specializes in operational technology (OT) security, and as ...

  • OpenClaw AI agents targeted by infostealer malware for the first time

    February 17, 2026

    Thanks to its overnight success and widespread adoption, OpenClaw has painted a large target on its back and is now being attacked by infostealers, after security researchers Hudson Rock claimed to have seen a first-of-its-kind attack in the wild. OpenClaw (previously known as Clawdbot and Moltbot) is an open source AI assistant software designed to actually ...

  • China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection

    February 17, 2026

    China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It’s all part of a long-running effort to backdoor infected machines for long-term access, according to Google’s Mandiant incident response team. The US government and Google first warned about this campaign last year after detecting Brickstorm ...

  • Critical Vulnerabilities in Ivanti EPMM Exploited

    February 17, 2026

    Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials. Read ...

  • Indian pharmacy chain giant exposed customer data and internal systems

    February 17, 2026

    A major Indian pharmacy chain operated a flawed platform which exposed highly sensitive data of millions of users, experts have warned. DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, currently runs more than 2,300 stores across the country – however, its platform was bugged in a way that allowed unauthenticated users to create “super admin” ...