Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK: Liz Truss’ and Cabinet Ministers’ mobile numbers are being sold online for £6.49

    October 2, 2022

    The personal mobile phone numbers of the Prime Minister and 25 of her Cabinet Ministers are being sold on the internet, The Mail on Sunday can reveal. They can be accessed on a shady US website charging just £6.49 for access to the information, which cyber experts warn could be used by China and Russia to ...

  • Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

    October 1, 2022

    Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. Microsoft also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, ...

  • Lazarus hackers abuse Dell driver bug using new FudModule rootkit

    October 1, 2022

    The notorious North Korean hacking group ‘Lazarus’ was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. The spear-phishing campaign unfolded in the autumn of 2021, and the confirmed targets include an aerospace expert in the Netherlands and a political journalist in Belgium. According to ESET, which ...

  • Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

    September 30, 2022

    Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker. Currently, Microsoft is aware of ...

  • 12 senior Indonesian officials targeted by NSO software

    September 30, 2022

    More than 12 senior Indonesian military and government officials were targeted by software developed by Israeli cyber company NSO Group, Ynet reported on Thursday night, citing sources familiar with the matter, six of whom were interviewed by Reuters and said they had also been targeted by the software. The officials include Coordinating Minister for Economic Affairs ...

  • Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

    September 29, 2022

    The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image. In attacks ...