CyberSecurity news

FlagThis - #scams

info@thehackernews.com (The@The Hacker News //
A new cybersecurity threat, dubbed Hazy Hawk, has emerged, exploiting misconfigured DNS records to hijack abandoned cloud resources. Since at least December 2023, the threat actor has been using DNS CNAME hijacking to seize control of abandoned cloud endpoints belonging to reputable organizations, including Amazon S3 buckets and Microsoft Azure endpoints. By registering new cloud resources with the same names as the abandoned ones, Hazy Hawk redirects traffic to malicious sites, incorporating these hijacked domains into large-scale scam delivery and traffic distribution systems (TDS). This allows them to distribute scams, fake applications, and malware to unsuspecting users, leveraging the trust associated with the original domains.

Infoblox researchers first detected Hazy Hawk's activities in February 2025, when the group successfully took control of subdomains belonging to the U.S. Centers for Disease Control (CDC). Further investigation revealed that global government agencies, major universities, and international corporations such as Deloitte and PricewaterhouseCoopers have also been targeted. Hazy Hawk scans for domains with CNAME records pointing to abandoned cloud endpoints, determining this through passive DNS data validation. They then register a new cloud resource with the same name, causing the original domain's subdomain to resolve to the attacker's controlled resource.

The attack chains often involve cloning legitimate websites to appear trustworthy, and URL obfuscation techniques are employed to hide malicious destinations. Hazy Hawk uses hijacked domains to host malicious URLs that redirect users to scams and malware. What makes Hazy Hawk's operations particularly concerning is the use of trusted domains to serve malicious content, enabling them to bypass detection and exploit the reputation of high-profile entities. Cybersecurity experts advise organizations to diligently monitor and manage their DNS records, ensuring that CNAME records pointing to abandoned cloud resources are removed to prevent unauthorized domain hijacking.

Recommended read:
References :
  • BleepingComputer: Threat actors have been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDSes).
  • BleepingComputer: Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains
  • The Hacker News: Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
  • hackread.com: Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…
  • The DefendOps Diaries: Explore Hazy Hawk's DNS hijacking tactics and learn how to protect your domains from this emerging cybersecurity threat.
  • bsky.app: A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS).
  • www.bleepingcomputer.com: Hazy Hawk has been observed hijacking abandoned cloud resources.
  • Virus Bulletin: Researchers Jacques Portal & Renée Burton look into Hazy Hawk, a threat actor that hijacks abandoned cloud resources of high-profile organizations.
  • blogs.infoblox.com: Hazy Hawk is a threat actor that hijacks abandoned cloud resources of high-profile organizations.
  • www.scworld.com: Misconfigured DNS, neglected cloud assets harnessed in Hazy Hawk domain hijacking attacks
  • Infoblox Blog: Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor
  • DomainTools: Report on the threat actor's tactics and techniques, including targeting abandoned cloud resources.
  • Security Risk Advisors: Hazy Hawk Actor Hijacks Abandoned Cloud DNS Records of High-Profile Organizations for Scam Distribution
  • cyble.com: Cyble reports on Hazy Hawk campaign hijacks abandoned cloud DNS records from CDC, Berkeley, & 100+ major orgs to distribute scams.
  • BleepingComputer: Hazy Hawk exploits abandoned cloud resources from high-profile organizations to distribute scams and malware through traffic distribution systems (TDSes).
  • cyberscoop.com: Coordinated effort took down seven kinds of malware and targeted initial access brokers.
  • securityonline.info: A significant takedown neutralized ransomware delivery and initial access malware infrastructure.
  • BleepingComputer: International law enforcement took down hundreds of servers and domains.

info@thehackernews.com (The@The Hacker News //
Google is enhancing its defenses against online scams by integrating AI-powered systems across Chrome, Search, and Android platforms. The company announced it will leverage Gemini Nano, its on-device large language model (LLM), to bolster Safe Browsing capabilities within Chrome 137 on desktop computers. This on-device approach offers real-time analysis of potentially dangerous websites, enabling Google to safeguard users from emerging scams that may not yet be included in traditional blocklists or threat databases. Google emphasizes that this proactive measure is crucial, especially considering the fleeting lifespan of many malicious sites, often lasting less than 10 minutes.

The integration of Gemini Nano in Chrome allows for the detection of tech support scams, which commonly appear as misleading pop-ups designed to trick users into believing their computers are infected with a virus. These scams often involve displaying a phone number that directs users to fraudulent tech support services. The Gemini Nano model analyzes the behavior of web pages, including suspicious browser processes, to identify potential scams in real-time. The security signals are then sent to Google’s Safe Browsing online service for a final assessment, determining whether to issue a warning to the user about the possible threat.

Google is also expanding its AI-driven scam detection to identify other fraudulent schemes, such as those related to package tracking and unpaid tolls. These features are slated to arrive on Chrome for Android later this year. Additionally, Google revealed that its AI-powered scam detection systems have become significantly more effective, ensnaring 20 times more deceptive pages and blocking them from search results. This has led to a substantial reduction in scams impersonating airline customer service providers (over 80%) and those mimicking official resources like visas and government services (over 70%) in 2024.

Recommended read:
References :
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
  • Davey Winder: Mobile malicious, misleading, spammy or scammy — Google fights back against Android attacks with new AI-powered notification protection.
  • www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
  • www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
  • bsky.app: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • thecyberexpress.com: Google is betting on AI
  • The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
  • Malwarebytes: Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites
  • cyberinsider.com: Google plans to introduce a new security feature in Chrome 137 that uses on-device AI to detect tech support scams in real time.
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • gbhackers.com: Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • cyberpress.org: Chrome 137 Adds Gemini Nano AI to Combat Tech Support Scams
  • thecyberexpress.com: Google Expands On-Device AI to Counter Evolving Online Scams
  • CyberInsider: Details on Google Chrome for Android deploying on-device AI to tackle tech support scams.
  • iHLS: discusses Chrome adding on-device AI to detect scams in real time.
  • www.ghacks.net: Google integrates local Gemini AI into Chrome browser for scam protection.
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • www.scworld.com: Google to deploy AI-powered scam detection in Chrome

info@thehackernews.com (The@The Hacker News //
Google is integrating its Gemini Nano AI model into the Chrome browser to provide real-time scam protection for users. This enhancement focuses on identifying and blocking malicious websites and activities as they occur, addressing the challenge posed by scam sites that often exist for only a short period. The integration of Gemini Nano into Chrome's Enhanced Protection mode, available since 2020, allows for the analysis of website content to detect subtle signs of scams, such as misleading pop-ups or deceptive tactics.

When a user visits a potentially dangerous page, Chrome uses Gemini Nano to evaluate security signals and determine the intent of the site. This information is then sent to Safe Browsing for a final assessment. If the page is deemed likely to be a scam, Chrome will display a warning to the user, providing options to unsubscribe from notifications or view the blocked content while also allowing users to override the warning if they believe it's unnecessary. This system is designed to adapt to evolving scam tactics, offering a proactive defense against both known and newly emerging threats.

The AI-powered scam detection system has already demonstrated its effectiveness, reportedly catching 20 times more scam-related pages than previous methods. Google also plans to extend this feature to Chrome on Android devices later this year, further expanding protection to mobile users. This initiative follows criticism regarding Gmail phishing scams that mimic law enforcement, highlighting Google's commitment to improving online security across its platforms and safeguarding users from fraudulent activities.

Recommended read:
References :
  • Search Engine Journal: How Google Protects Searchers From Scams: Updates Announced
  • www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
  • cyberinsider.com: Google Chrome Deploys On-Device AI to Tackle Tech Support Scams
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Davey Winder: Google Confirms Android Attack Warnings — Powered By AI
  • securityonline.info: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
  • BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
  • The Official Google Blog: How we’re using AI to combat the latest scams
  • The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
  • www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
  • www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • the-decoder.com: Google deploys AI in Chrome to detect and block online scams.
  • www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
  • Daily CyberSecurity: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
  • PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
  • Analytics India Magazine: Google Chrome to Use AI to Stop Tech Support Scams
  • eWEEK: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
  • bsky.app: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • The DefendOps Diaries: Google Chrome's AI-Powered Defense Against Tech Support Scams
  • gHacks Technology News: Scam Protection: Google integrates local Gemini AI into Chrome browser
  • Malwarebytes: Google Chrome will use AI to block tech support scam websites
  • security.googleblog.com: Using AI to stop tech support scams in Chrome
  • iHLS: Chrome Adds On-Device AI to Detect Scams in Real Time
  • bsky.app: Google will use on-device LLMs to detect potential tech support scams and alert Chrome users to possible dangers
  • bsky.app: Google's #AI tools that protect against scammers: https://techcrunch.com/2025/05/08/google-rolls-out-ai-tools-to-protect-chrome-users-against-scams/ #ArtificialIntelligence
  • www.searchenginejournal.com: How Google Protects Searchers From Scams: Updates Announced

@gbhackers.com //
References: gbhackers.com , Malwarebytes ,
Cybercriminals are increasingly employing sophisticated tactics to bypass traditional security measures and ensnare unsuspecting users in phishing scams. One notable trend is the use of benign-worded email subjects such as "request," "forward," and "report" to lower suspicion. Additionally, attackers are leveraging URL shorteners and QR codes to mask malicious links, making it harder for users and security systems to identify threats. These techniques allow cybercriminals to evade detection and increase the likelihood of successful attacks aimed at stealing personal and financial information.

Tax-themed phishing campaigns are surging as the United States approaches Tax Day on April 15th. Microsoft has observed threat actors exploiting tax-related anxieties through emails containing malicious attachments. These attachments frequently include QR codes that redirect users to fake login pages designed to steal credentials. In other instances, attackers embed DoubleClick URLs in PDF attachments that redirect users through shortened links to fake DocuSign pages, serving either malicious JavaScript files leading to malware installation or benign decoy files based on filtering rules.

The malware families being deployed in these campaigns are becoming increasingly advanced. Latrodectus, for example, features dynamic command-and-control configurations and anti-analysis capabilities, allowing attackers to execute Windows commands remotely and establish persistence through scheduled tasks. BruteRatel C4 (BRc4), originally designed for red-teaming exercises, is being exploited for post-exploitation activities, enabling attackers to bypass security defenses. According to Kendall McKay, strategic lead for cyber threat intelligence at Cisco’s Talos division, phishing scams are constantly evolving to maintain their effectiveness.

Recommended read:
References :
  • gbhackers.com: Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
  • Malwarebytes: QR codes sent in attachments are the new favorite for phishers
  • www.cysecurity.news: Phishing Scams Are Getting Smarter – And More Subtle : Here’s All You Need to Know

@cyberalerts.io //
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.

The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets.

The FBI Denver Field Office is warning that they are increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams.

Recommended read:
References :
  • Talkback Resources: FBI warns of malware-laden websites posing as free file converters, leading to ransomware attacks and data theft.
  • gbhackers.com: Beware! Malware Hidden in Free Word-to-PDF Converters
  • www.bitdefender.com: Free file converter malware scam “rampantâ€� claims FBI
  • Malwarebytes: Warning over free online file converters that actually install malware
  • bsky.app: Free file converter malware scam "rampant" claims FBI.
  • bsky.app: @bushidotoken.net has dug up some IOCs for the FBI's recent warning about online file format converters being used to distribute malware
  • Help Net Security: FBI: Free file converter sites and tools deliver malware
  • www.techradar.com: Free online file converters could infect your PC with malware, FBI warns
  • bsky.app: Free file converter malware scam "rampant" claims FBI.
  • Security | TechRepublic: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
  • securityaffairs.com: The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
  • The DefendOps Diaries: FBI warns against fake file converters spreading malware and stealing data. Learn how to protect yourself from these cyber threats.
  • PCMag UK security: PSA: Be Careful Around Free File Converters, They Might Contain Malware
  • www.bleepingcomputer.com: FBI warnings are true—fake file converters do push malware
  • www.techradar.com: FBI warns some web-based file management services are not as well-intentioned as they seem.
  • www.csoonline.com: Improvements Microsoft has made to Office document security that disable macros and other embedded malware by default has forced criminals to up their innovation game, a security expert said Monday.
  • www.itpro.com: Fake file converter tools are on the rise – here’s what you need to know
  • Cyber Security News: The FBI Denver Field Office has warned sternly about the rising threat of malicious online file converter tools. These seemingly harmless services, often advertised as free tools to convert or merge files, are being weaponized by cybercriminals to install malware on users’ computers. This malware can have devastating consequences, including ransomware attacks and identity theft. […]