Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • TOP 10 unattributed APT mysteries

    October 7, 2022

    Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90% of cases it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead ...

  • Initial access broker repurposing techniques in targeted attacks against Ukraine

    October 7, 2022

    As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post provides details on five different campaigns conducted from April to August 2022 by a threat actor whose activities overlap with a group CERT-UA tracks as ...

  • Fortinet warns admins to patch critical authentication bypass bug immediately

    October 7, 2022

    Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. The security flaw (tracked as CVE-2022-40684) is an authentication bypass on the administrative interface that could allow remote threat actors to log into unpatched devices. “An authentication bypass using an alternate path or channel ...

  • CISA Releases Three Industrial Control Systems Advisories

    October 7, 2022

    CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-284-01 Altair HyperView Player ICSA-22-284-02 Daikin SVMPC1 and SVMPC2 ICSA-22-284-03 Sensormatic Electronics C-CURE 9000 Read more… Source: ...

  • Nonprofit hospital network suffers IT meltdown after ‘security incident’

    October 6, 2022

    America’s second-largest nonprofit healthcare org is suffering a security “issue” that has diverted ambulances and shut down electronic records systems at hospitals around the country. CommonSpirit Health, a Chicago-based organization that has more than 1,000 facilities and 140 hospitals across 21 states, this week copped to an “IT security issue” affecting “some” of its locations. The ...

  • BlackByte ransomware abuses legit driver to disable security products

    October 5, 2022

    The BlackByte ransomware gang is using a new technique that researchers are calling “Bring Your Own Driver,” which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions. Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code ...