Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- RATDispenser downloader delivers a ‘silent threat’ that wants to steal your passwords
November 26, 2021
Cyber criminals are using a new JavaScript downloader to distribute eight different kinds of remote access Trojan (RAT) malware and information-stealing malware in order to gain backdoor control of infected Windows systems, as well as steal usernames, passwords and other sensitive data. The downloader has been detailed by cybersecurity researchers at HP Wolf Security, who’ve called ...
- IT threat evolution Q3 2021
November 26, 2021
Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. This confirms Kaspersky previous assumption ...
- BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
November 25, 2021
We continue monitoring the campaigns using information stealer BazarLoader (detected by Trend Micro as TrojanSpy.Win64.BAZARLOADER, TrojanSpy.Win64.BAZARLOADER, and Backdoor.Win64.BAZARLOADER). While InfoSec forums have noted the spike in detections during the third quarter, we noticed two new arrival mechanisms included in the existing roster of delivery techniques that malicious actors abused for data theft and ransomware. One of ...
- UK government transport website caught showing porn
November 25, 2021
A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan. Racy traffic ahead The UK DfT’s charts.dft.gov.uk website was seen serving porn today, as confirmed by BleepingComputer. Read more… Source: Bleeping Computer
- CronRAT, Linux remote access trojan hides behind the invalid date, February 31.
November 25, 2021
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers. Characterized ...
- Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure
November 25, 2021
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that at least two large facilities working on manufacturing bio-drugs and vaccines have been hit by the ...

