CyberSecurity news
FlagThis - #users
|
Michael Kan@PCMag Middle East ai
//
A new cyber threat has emerged, targeting users eager to experiment with the DeepSeek AI model. Cybercriminals are exploiting the popularity of open-source AI by disguising malware as a legitimate installer for DeepSeek-R1. Unsuspecting victims are unknowingly downloading "BrowserVenom" malware, a malicious program designed to steal stored credentials, session cookies, and gain access to cryptocurrency wallets. This sophisticated attack highlights the growing trend of cybercriminals leveraging interest in AI to distribute malware.
This attack vector involves malicious Google ads that redirect users to a fake DeepSeek domain when they search for "deepseek r1." The fraudulent website, designed to mimic the official DeepSeek page, prompts users to download a file named "AI_Launcher_1.21.exe." Once executed, the installer displays a fake installation screen while silently installing BrowserVenom in the background. Security experts at Kaspersky have traced the threat and identified that the malware reconfigures browsers to route traffic through a proxy server controlled by the hackers, enabling them to intercept sensitive data. Kaspersky's investigation revealed that the BrowserVenom malware can evade many antivirus programs and has already infected computers in various countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The analysis of the phishing and distribution websites revealed Russian-language comments within the source code, suggesting the involvement of Russian-speaking threat actors. This incident serves as a reminder to verify the legitimacy of websites and software before downloading, especially when dealing with open-source AI tools that require multiple installation steps. Recommended read:
References :
Pierluigi Paganini@securityaffairs.com
//
OpenAI is facing scrutiny over its ChatGPT user logs due to a recent court order mandating the indefinite retention of all chat data, including deleted conversations. This directive stems from a lawsuit filed by The New York Times and other news organizations, who allege that ChatGPT has been used to generate copyrighted news articles. The plaintiffs believe that even deleted chats could contain evidence of infringing outputs. OpenAI, while complying with the order, is appealing the decision, citing concerns about user privacy and potential conflicts with data privacy regulations like the EU's GDPR. The company emphasizes that this retention policy does not affect ChatGPT Enterprise or ChatGPT Edu customers, nor users with a Zero Data Retention agreement.
Sam Altman, CEO of OpenAI, has advocated for what he terms "AI privilege," suggesting that interactions with AI should be afforded the same privacy protections as communications with professionals like lawyers or doctors. This stance comes as OpenAI faces criticism for not disclosing to users that deleted and temporary chat logs were being preserved since mid-May in response to the court order. Altman argues that retaining user chats compromises their privacy, which OpenAI considers a core principle. He fears that this legal precedent could lead to a future where all AI conversations are recorded and accessible, potentially chilling free expression and innovation. In addition to privacy concerns, OpenAI has identified and addressed malicious campaigns leveraging ChatGPT for nefarious purposes. These activities include the creation of fake IT worker resumes, the dissemination of misinformation, and assistance in cyber operations. OpenAI has banned accounts linked to ten such campaigns, including those potentially associated with North Korean IT worker schemes, Beijing-backed cyber operatives, and Russian malware distributors. These malicious actors utilized ChatGPT to craft application materials, auto-generate resumes, and even develop multi-stage malware. OpenAI is actively working to combat these abuses and safeguard its platform from being exploited for malicious activities. Recommended read:
References :
@gbhackers.com
//
The Haozi Phishing-as-a-Service (PhaaS) platform has resurfaced, marking a concerning development in the cybercrime landscape. This Chinese-language operation distinguishes itself with its ease of use, comprehensive customer support, and a cartoon mouse mascot, lowering the barrier to entry for aspiring cybercriminals. Haozi provides a "plug-and-play" system, transforming complex phishing campaigns into point-and-click operations accessible to those with minimal technical expertise. The platform boasts a fully automated, web-based control panel, enabling users to manage multiple phishing campaigns, filter traffic, view stolen credentials, and fine-tune attack behavior.
Haozi's business model resembles legitimate software companies, offering a subscription plan and a-la-carte sales. Transactions are conducted using Tether (USDT), with the associated wallet having processed over $280,000 to date. The platform also monetizes the broader attack ecosystem by selling advertising space that connects buyers to third-party services such as SMS gateways. This allows Haozi to act as a middleman, generating revenue not only from phishing kits but also from ancillary services. According to reports, the Haozi platform immediately gained nearly 2,000 followers on Telegram after its initial community on the encrypted messaging app was dismantled. What sets Haozi apart is its fully automated installation process. Attackers simply input their server credentials into a hosted installation page, and the system automatically deploys a phishing site and admin dashboard, eliminating the need for command-line setup or server configuration. The kits themselves simulate real user experiences, with phishing templates mimicking bank verification and credit card prompts with response logic. For example, after capturing credit card details, the operator may decide to request a 2FA code based on the response received from a card transaction attempt. The resurgence of Haozi highlights the escalating threat presented by PhaaS networks and underscores the need for intensified cybersecurity training programs. Recommended read:
References :
Nick Lucchesi@laptopmag.com
//
OpenAI is planning to evolve ChatGPT into a "super-assistant" that understands users deeply and becomes their primary interface to the internet. A leaked internal document, titled "ChatGPT: H1 2025 Strategy," reveals that the company envisions ChatGPT as an "entity" that users rely on for a vast range of tasks, seamlessly integrated into various aspects of their daily lives. This includes tasks like answering questions, finding a home, contacting a lawyer, planning vacations, managing calendars, and sending emails, all aimed at making life easier for the user.
The document, dated in late 2024, describes the "super-assistant" as possessing "T-shaped skills," meaning it has broad capabilities for tedious daily tasks and deep expertise for more complex tasks like coding. OpenAI aims to make ChatGPT personalized and available across various platforms, including its website, native apps, phones, email, and even third-party surfaces like Siri. The goal is for ChatGPT to act as a smart, trustworthy, and emotionally intelligent assistant capable of handling any task a person with a computer could do. While the first half of 2025 was focused on building ChatGPT as a "super assistant", plans are now shifting to generating "enough monetizable demand to pursue these new models." OpenAI sees ChatGPT less as a tool and more as a companion for surfing the web, helping with everything from taking meeting notes and preparing presentations to catching up with friends and finding the best restaurant. The company's vision is for ChatGPT to be an integral part of users' lives, accessible no matter where they are. Recommended read:
References :
@blog.checkpoint.com
//
Microsoft has revealed that Lumma Stealer malware has infected over 394,000 Windows computers across the globe. This data-stealing malware has been actively employed by financially motivated threat actors targeting various industries. Microsoft Threat Intelligence has been tracking the growth and increasing sophistication of Lumma Stealer for over a year, highlighting its persistent threat in the cyber landscape. The malware is designed to harvest sensitive information from infected systems, posing a significant risk to users and organizations alike.
Microsoft, in collaboration with industry partners and international law enforcement, has taken action to disrupt the infrastructure supporting Lumma Stealer. However, the developers behind the malware are reportedly making significant efforts to restore servers and bring the operation back online, indicating the tenacity of the threat. Despite these efforts, security researchers note that the Lumma Stealer operation has suffered reputational damage, potentially making it harder to regain trust among cybercriminals. In related news, a new Rust-based information stealer called EDDIESTEALER is actively spreading through fake CAPTCHA campaigns, using the ClickFix social engineering tactic to trick users into running malicious PowerShell scripts. EDDIESTEALER targets crypto wallets, browser data, and credentials, demonstrating a continued trend of malware developers utilizing Rust for its enhanced stealth and stability. These developments underscore the importance of vigilance and robust cybersecurity practices to protect against evolving malware threats. Recommended read:
References :
@securityonline.info
//
Elastic Security Labs has identified a new information stealer called EDDIESTEALER, a Rust-based malware distributed through fake CAPTCHA campaigns. These campaigns trick users into executing malicious PowerShell scripts, which then deploy the infostealer onto their systems. EDDIESTEALER is hosted on multiple adversary-controlled web properties and employs the ClickFix social engineering tactic, luring unsuspecting individuals with the promise of CAPTCHA verification. The malware aims to harvest sensitive data, including credentials, browser information, and cryptocurrency wallet details.
This attack chain begins with threat actors compromising legitimate websites, injecting malicious JavaScript payloads that present bogus CAPTCHA check pages. Users are instructed to copy and paste a PowerShell command into their Windows terminal as verification, which retrieves and executes a JavaScript file called gverify.js. This script, in turn, fetches the EDDIESTEALER binary from a remote server, saving it in the downloads folder with a pseudorandom filename. The malware dynamically retrieves configuration data from a command-and-control server, allowing it to adapt its behavior and target specific programs. EDDIESTEALER is designed to gather system metadata and siphon data of interest from infected hosts, including cryptocurrency wallets, web browsers, password managers, FTP clients, and messaging apps like Telegram. The malware incorporates string encryption, a custom WinAPI lookup mechanism, and a mutex to prevent multiple instances from running. It also includes anti-sandbox checks and a self-deletion technique using NTFS Alternate Data Streams to evade detection. The dynamic C2 tasking gives attackers flexibility, highlighting the ongoing threat of ClickFix campaigns and the increasing use of Rust in malware development. Recommended read:
References :
|
|