Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • As cyber criminals start targeting retail, companies must be ready to fight back

    December 20, 2022

    Given the current geopolitical situation, it’s easy to conflate cybersecurity with the war in Ukraine and bad actors overseas. Historically, cyber-attacks have traditionally been associated with nation states and hacktivists conducting high-profile attacks on high-profile targets to wreak havoc, make headlines, and draw attention to their cause. However, the current cyber-security landscape is far murkier ...

  • Raspberry Robin Malware Targets Telecom, Governments

    December 20, 2022

    Trend Micro researchers found a malware sample allegedly capable of connecting to the Tor network to deliver its payloads. Their initial analysis of the malware, which compromised a number of organizations toward the end of September, showed that while the main malware routine contains both the real and fake payloads, it loads the fake payload ...

  • Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

    December 20, 2022

    Since Unit 42 last blog in early February covering the advanced persistent threat (APT) group Trident Ursa (aka Gamaredon, UAC-0010, Primitive Bear, Shuckworm), Ukraine and its cyber domain has faced ever-increasing threats from Russia. Trident Ursa is a group attributed by the Security Service of Ukraine to Russia’s Federal Security Service. As the conflict has continued ...

  • XLLing in Excel – threat actors using malicious add-ins

    December 20, 2022

    For decades, Microsoft Office applications have served as one of the most significant entry points for malicious code. Malicious actors have continued to utilize Visual Basic for Applications (VBA) macros, despite automatic warnings to users after opening Office documents containing code. In addition to VBA macros, malicious actors, from cybercrime actors to state-sponsored groups, also exploited ...

  • Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

    December 20, 2022

    More than two years ago, a researcher, A2nkF, published the details of an interesting exploit chain on the Objective-See blog. He demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. After diving into the second vulnerability of the exploit chain, Trend Micro researchers found that Apple’s patch for this issue is ...

  • Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

    December 19, 2022

    On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call “Achilles”. Gatekeeper bypasses such as this could be ...