Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • What Can Schools Do Against the Onslaught of Ransomware?

    December 22, 2022

    Cyber attacks have become a pressing issue for K-12 schools, but school districts aren’t waging the fight alone. A variety of free federal and state resources can offer guidance and assistance, while cyber best practices and automated and managed services can help schools get the most impact from their limited budgets, said speakers during a ...

  • Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

    December 22, 2022

    ​Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting ...

  • Detecting Windows AMSI Bypass Techniques

    December 21, 2022

    Windows Antimalware Scan Interface (AMSI) is an agnostic security feature in the Windows operating system (OS) that allows applications and services to integrate with security products installed on a computer. Introduced by Microsoft in 2015, it provides a standard interface that allows solutions to scan files, memory, and other data for threats. This can help ...

  • Godfather: A banking Trojan that is impossible to refuse

    December 21, 2022

    The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including ...

  • Microsoft research uncovers new Zerobot capabilities

    December 21, 2022

    Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malware for a variety of ...

  • Guardian hit by serious IT incident believed to be ransomware attack

    December 21, 2022

    The Guardian has been hit by a serious IT incident, which is believed to be a ransomware attack. The incident began late on Tuesday night and has affected parts of the company’s technology infrastructure, with staff told to work from home. There has also been some disruption to behind-the-scenes services. Read more… Source: The Guardian