Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- An overview of targeted attacks and APTs on Linux
September 10, 2020
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux is a secure-by-default operating system that isn’t susceptible to malicious code. It’s certainly true that ...
- Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days
September 9, 2020
There’s been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers. Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt ...
- Strategic investment to secure smart factories
September 9, 2020
Security is undergoing a digital transformation in the manufacturing industry. As the fusion of the cyber world and the physical world progresses, various security issues are mounting. Manufacturing executives must view security as a management issue, not as a system issue. Is cyber security a cost or an investment? Trend Micro has published an ebook that focuses ...
- September Patch Tuesday Updates Exchange, SharePoint
September 9, 2020
This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...
- City of Hartford postpones first day of school after ransomware attack
September 8, 2020
Officials from the city of Hartford, Connecticut, were forced to postpone the first day of the new school calendar year after a ransomware infection impacted the city’s IT network. According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school’s internal IT ...
- Netwalker ransomware hits Pakistan’s largest private power utility
September 8, 2020
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this ...

