Malicious X Ad and ConsentFix Attack Target Mac and Windows Users

Attackers are exploiting a verified X ad to deliver Mac malware and using a new ConsentFix technique to steal Microsoft 365 account tokens.

CSBadmin
2 Min Read

ClickFix Attack via Sponsored X Ad

Cybercriminals are using a sponsored advertisement on X, posted from a verified account, to spread Mac malware. The ad promotes a fake download page for DynamicLake, a legitimate macOS utility, but redirects victims to the lookalike domain dynamicmacisland.com. There, users are tricked into opening Terminal and pasting commands that install the Atomic Stealer infostealer. This attack combines social engineering, lookalike domains, and paid advertising to reach a wide audience. The malicious ad has since been removed after researchers reported it.

ConsentFix Targets Microsoft 365 Accounts

A different technique, named ConsentFix, is targeting Windows users by stealing Microsoft 365 account tokens without installing malware. Instead of running malicious code, victims are lured into dragging a link, often hosted on trusted platforms like Dropbox, into their browser. This initiates a fake Microsoft sign-in page that harvests session tokens, giving attackers access to email and services without needing passwords or multi-factor authentication. The method has been shared on a Russian cybercrime forum, making it accessible to less experienced criminals.

How to Protect Yourself

Users should remain skeptical of unexpected links, even from verified accounts or trusted platforms, and avoid following unusual instructions. Always check the browser address bar before entering credentials and use an updated anti-malware solution with web protection to block malicious sites and phishing attempts.

Source: Malwarebytes

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.