Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Major Twitter hack sees 5.4 million phone numbers and email addresses leaked on the dark web

    November 28, 2022

    More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are up for grabs on the dark web in a massive data dump that some believe the Elon Musk-owned firm is attempting to cover up. The data dump was identified by Chad Loder, the founder of cyber security awareness company Habitu8, who ...

  • Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money

    November 28, 2022

    In this blog post, Mandiant takes a deeper look into how the Nomad bridge smart-contract was exploited and analyzes the on-chain transactions post-compromise using cybercrime prevention company Cyber Team Six’s (CT6) blockchain investigative software, CryptoVoyant. Background In early August 2022, the public observed yet another bridge attack, this time against the Nomad token bridge—a “bridge” allows interoperability ...

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog

    November 28, 2022

    ISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...

  • Gangs of cybercriminals are expanding across Africa, investigators say

    November 27, 2022

    Police and investigators fear organised gangs of fraudsters are expanding across sub-Saharan Africa, exploiting new opportunities as a result of the Covid-19 pandemic and the global economic crisis to make huge sums with little risk of being caught. The growth will have a direct impact on the rest of the world, where many victims of “hugely ...

  • Ransomware gang targets Belgian municipality, hits police instead

    November 26, 2022

    The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more. This type of ...

  • Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability

    November 25, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers breached a federal agency that failed to patch the Log4Shell vulnerability and deployed a crypto miner. The Log4Shell vulnerability (CVE-2021-44228) is a critical remote code execution flaw on Apache’s Log4j logging library popular with Java developers. The breach that occurred as early as February 2022 impacted ...