Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ukraine’s DELTA military system users targeted by info-stealing malware

    December 19, 2022

    A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the ‘DELTA’ situational awareness program to infect systems with information-stealing malware. The campaign was highlighted in a report today by CERT-UA (Computer Emergency Response Team of Ukraine), which warned Ukrainian military personnel of the malware attack. DELTA is ...

  • CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

    December 19, 2022

    At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to ...

  • A Closer Look at Windows Kernel Threats

    December 19, 2022

    Windows kernel threats have long been favored by malicious actors because it can allow them to obtain high-privileged access and detection evasion capabilities. These hard-to-banish threats are still crucial components in malicious campaigns’ kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the ...

  • API Vulnerabilities Discovered in LEGO Marketplace

    December 19, 2022

    Application programming interface (API) security vulnerabilities have been discovered in a LEGO resale platform owned by LEGO® Group, which could have put sensitive customer information at risk. An investigation by Salt Security’s research team, Salt Labs, found two API security flaws within BrickLink, an online marketplace to buy and sell LEGO parts, Minifigures and sets, which ...

  • Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale

    December 18, 2022

    Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum. SevenRooms is a restaurant customer relationship management (CRM) platform used by international restaurant chains and hospitality service providers, such as MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolfgang Puck, and many more. On December ...

  • Glupteba malware is back in action after Google disruption

    December 17, 2022

    The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. In December 2021, Google managed to cause a massive disruption to the blockchain-enabled botnet, securing the court orders to take control of the botnet’s infrastructure and filing complaints against two Russian operators. Nozomi now ...