Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • iPhone WiFi bug morphs into zero-click hacking, but there’s a fix

    July 19, 2021

    Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone’s WiFi connection after trying to connect to a network with a name (SSID) that included a special character. Read more… Source: Bleeping Computer  

  • UK and White House blame China for Microsoft Exchange Server hack

    July 19, 2021

    The UK government has formally laid the blame for the Microsoft Exchange Server cyberattack at the feet of China. On Monday, the government joined others — including the victim company itself, Microsoft — in claiming the cyberattack was the work of Chinese state-sponsored hackers, namely Hafnium, an advanced persistent threat (APT) group. The United States, NATO, and ...

  • Ecuador’s state-run CNT telco hit by RansomEXX ransomware

    July 17, 2021

    Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. CNT is Ecuador’s state-run telecommunication carrier that offers fixed-line phone service, mobile, satellite TV, and internet connectivity. Read more… Source: Bleeping Computer  

  • Microsoft: New Unpatched Bug in Windows Print Spooler

    July 16, 2021

    Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover. Microsoft has warned of yet another vulnerability that’s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution ...

  • Bug bounty platform urges need for firms to have vulnerability disclosure policy

    July 16, 2021

    Organisations should provide a proper channel through which anyone can report vulnerabilities in their systems. This will ensure potential security holes can be identified and plugged before they are exploited. Establishing a vulnerability disclosure policy (VDP) also would provide assurance to anyone, such as security researchers, acting in good faith that they would not face prosecution ...

  • Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

    July 16, 2021

    A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The private company, called variously Candiru, Grindavik, Saito Tech and Taveta (and dubbed “Sourgum” by Microsoft), reportedly sells its wares exclusively to governments, according to ...