Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Darknet drug markets move to custom Android apps for increased privacy

    January 9, 2023

    Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. Besides ordering, these apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery. This new trend has been observed by analysts at Resecurity around ...

  • Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls

    January 7, 2023

    Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets. The six packages were discovered ...

  • Now this password-stealing Android malware wants to grab your bank details too

    January 5, 2023

    A prolific and powerful form of Android malware has switched its attention to online banking applications, using abilities including keylogging to steal usernames and passwords for bank accounts, social media profiles and more. Detailed by researchers at cybersecurity company ThreatFabric, the Android malware is part of the SpyNote family, a form of trojan spyware which has ...

  • CISA Releases Three Industrial Systems Control Advisories

    January 5, 2023

    CISA released three Industrial Control Systems (ICS) advisories on January 5 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-005-01 Hitachi Energy UNEM ICSA-23-005-02 Hitachi Energy FOXMAN-UN Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa

    January 5, 2023

    Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone countries. The group makes extensive use of living off the land, dual-use tools, and commodity malware, with no custom malware deployed in this campaign. The activity observed by Symantec, a division of Broadcom Software, ...

  • PyTorch dependency poisoned with malicious code

    January 4, 2023

    An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data. Developers who last week downloaded the nightly builds of the open source PyTorch framework also unknowingly installed a malicious version of the torchtriton dependency found in the Python Package Index, ...