Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- European Banking Authority discloses Exchange server hack
March 8, 2021
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in ...
- Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
March 8, 2021
A possible link to China has been noted by researchers examining the exploit of SolarWinds servers to deploy malware. On Monday, Secureworks’ counter threat unit (CTU) said that during late 2020, a compromised Internet-facing SolarWinds server was used as a springboard to deploy Supernova, a .NET web shell. Similar intrusions on the same network suggest that the ...
- Unpatched QNAP devices are being hacked to mine cryptocurrency
March 8, 2021
Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020. Cryptomining malware discovered on NAS devices compromised during this campaign ...
- D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
March 5, 2021
Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15. In ...
- Accellion zero-day claims a new victim in cybersecurity company Qualys
March 4, 2021
Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability. The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the ...
- New in Ransomware: AlumniLocker, Humble Feature Different Extortion Techniques
March 4, 2021
Trend Micro researchers recently discovered two new ransomware variants, AlumniLocker and Humble, which exhibit different sophisticated behaviors and extortion techniques post-encryption. One of these techniques includes an unusually high ransom payment and a threat to publicize victims’ critical data. These new variants prove that ransomware’s targeted and extortion-focused era is alive and well in 2021. Technical analyses AlumniLocker ...

