Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor
August 3, 2020
Three agencies of the US government have published today a joint alert alerting US private entities about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers. The alert has been authored by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and ...
- GandCrab ransomware distributor arrested in Belarus
August 3, 2020
In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, at the intersection with the Russian and Ukraine border. Authorities said the man ...
- FBI sees surge in online shopping scams, FTC says most reports ever
August 3, 2020
The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. The public service announcement, published on the agency’s Internet Crime Complaint Center (IC3), says that the scam victims report that they found the scammers’ websites either via direct searches on popular web search engines ...
- Take a “NetWalk” on the Wild Side
August 3, 2020
The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a more stable and robust ransomware-as-a-service (RaaS) model, and our research suggests that the malware ...
- Google: Eleven zero-days detected in the wild in the first half of 2020
August 3, 2020
According to data collected by Google’s Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year. The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year. Details about ...
- How the FBI tracked down the Twitter hackers
August 1, 2020
After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers. The article below uses data from three indictments published today by the ...

