Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
April 10, 2019
Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced ...
- Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt
April 6, 2019
Dropbox has uncovered 264 vulnerabilities, paying out $319,300 in bounties, after a one-day bug hunt in Singapore that brought together hackers from 10 nations around the world. Hosted by bug bounty platform HackerOne, the live event saw 45 of its members from countries such as Japan, India, Australia, Hong Kong, and Sweden, and some as ...
- Exodus Spyware Found Targeting Apple iOS Users
April 5, 2019
The surveillance tool was signed with legitimate Apple developer certificates. The spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem. The surveillance package – dubbed Exodus – can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier ...
- Backdoor code found in popular Bootstrap-Sass Ruby library
April 5, 2019
Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update. The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today. The backdoor’s ...
- LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
April 5, 2019
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack. A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages include malicious .zipx attachment hidden inside a .PNG file that can slip past some email security gateways. According to Trustwave SpiderLabs, that first spotted the .PNG/LokiBot ...
- A dozen US web servers are spreading 10 malware families, Necurs link suspected
April 4, 2019
Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. On Thursday, researchers from Bromium said they have monitored scams connected to this infrastructure during the May 2018 to March 2019 time period. Five families of banking ...

