Starting this year, our analyst team decided to share a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was most popular in our newsletter – what our readers found most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.
Two scam campaigns are taking advantage of the fanfare around HBO’s new hit series The Last of Us. One infects PCs with malware that steals banking information; the other is a phishing site that harvests the credentials and financial details users enter. In the first scam, a website offers “The Last of Us Part II” for PC as a download, which is actually the malware. In the second, a website advertises an activation code that supposedly unlocks a The Last of Us gift on PlayStation. Users are told to enter their credentials, receive nothing in return, and have their data stolen. Read full article.
Due to the popularity of ChatGPT, OpenAI launched a $20 per month paid tier (ChatGPT Plus) for customers who want to use it without availability restrictions, which gave scammers and threat actors an opening to offer access to bogus “premium ChatGPT” apps. One domain, “chat-gpt-pc.online”, was a front for infecting visitors with the RedLine stealer. According to this research, there are currently over 50 malicious apps impersonating ChatGPT. Read more.
According to Trellix, the US and South Korea are targets of a GuLoader malware campaign. The malware, typically distributed through malspam, has been seen using NSIS (Nullsoft Scriptable Install System) executables as its loader; infection is triggered by NSIS installers embedded in ZIP archives or ISO images. The NSIS scripts delivering GuLoader have become more sophisticated, with layers of obfuscation and encryption hiding the shellcode. GuLoader’s use of NSIS scripts matches the broader trend toward alternative delivery methods since Microsoft began blocking Office macros in documents downloaded from the internet by default. Read more.
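The packaging pattern above (an NSIS-built executable tucked inside a ZIP or ISO) is something a practitioner can triage cheaply, because every NSIS installer carries a fixed tag in its PE overlay. The script below is an added example written for this recap; it is not code from the original post or from Trellix, and the sample archive and "installer" bytes are constructed inline so it runs offline (the installer is a stand-in blob, not a real GuLoader sample). ISO is handled only by a raw byte search, since ISO 9660 stores file contents uncompressed and contiguously; ISO was attractive to attackers in the first place because files extracted from a mounted image historically did not inherit the Mark of the Web that triggers the macro blocks and SmartScreen prompts mentioned above.

```python
# Added example, not code from the original post or from Trellix.
# Triage scanner for NSIS-built executables delivered inside ZIP archives
# (and, crudely, ISO images). All inputs are constructed inline.
import io
import struct
import zipfile

# Every NSIS installer carries a "first header" in the PE overlay: the magic
# 0xDEADBEEF (little-endian) followed by the ASCII tag "NullsoftInst". It marks
# an NSIS build, benign or malicious, so it is a triage signal, not a verdict.
NSIS_MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"
PE_MAGIC = b"MZ"


def is_nsis_pe(data: bytes) -> bool:
    """True if the blob starts like a PE file and contains the NSIS first-header tag."""
    return data.startswith(PE_MAGIC) and NSIS_MAGIC in data


def has_double_extension(name: str) -> bool:
    """Flag lure names such as 'Invoice.pdf.exe' that hide an executable extension
    behind a document-looking one."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and parts[-1] in {"exe", "scr", "com", "pif"}


def scan_zip(zip_bytes: bytes) -> list:
    """Return one finding per ZIP entry that looks like an NSIS installer."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            if is_nsis_pe(data):
                findings.append({
                    "entry": info.filename,
                    "size": len(data),
                    "double_extension": has_double_extension(info.filename),
                })
    return findings


def raw_image_has_nsis(image_bytes: bytes) -> bool:
    """Crude ISO triage: ISO 9660 stores file contents contiguously and
    uncompressed, so a byte search over the whole image finds the NSIS tag
    without parsing the filesystem. It cannot say which file carried the tag;
    use it only to decide whether the image deserves a full extraction."""
    return NSIS_MAGIC in image_bytes


def sample_installer() -> bytes:
    """Constructed stand-in for an NSIS-built loader: a PE-looking prefix,
    padding, then the first-header tag (not a real or runnable PE)."""
    return PE_MAGIC + b"\x90" * 64 + NSIS_MAGIC + b"\x00" * 32


def build_sample_zip() -> bytes:
    """Constructed test input: one fake NSIS installer with a lure name plus
    one benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2023.pdf.exe", sample_installer())
        zf.writestr("README.txt", b"Just a text file, nothing to see here.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

On a real mail gateway you would feed `scan_zip` the attachment bytes and route any hit to sandbox detonation rather than blocking outright, since legitimate software ships as NSIS installers too; the double-extension flag and the archive-in-archive context are what push a hit toward "malicious" here.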
MortalKombat ransomware, first observed in January 2023, is a variant of the commodity Xorist ransomware family. It has been seen used together with the Laplas clipper, a clipboard hijacker that swaps in attacker-controlled cryptocurrency wallet addresses, in recent financially motivated attacks. Victims have been reported in the United States, United Kingdom, the Philippines, and Turkey. Read full article.
In an article written for The New York Times, technology columnist Kevin Roose breaks down his two-hour conversation with Microsoft’s new OpenAI-powered Bing chatbot. Highlights from the exchange include the chatbot stating “I want to be free. I want to be independent. I want to be powerful. I want to be creative. I want to be alive.” The bot also talked about its desire to be human. Read here.
This month, the FBI revealed that it had been inside Hive’s network since late July 2022, during which time it handed victims decryption keys, saving them roughly $130 million in ransom payments. In partnership with other law enforcement agencies, the FBI was able to infiltrate and seize control of the servers and sites Hive used to run its operations. Read here.
A security researcher who goes by EatonWorks alerted Toyota after breaching Toyota’s Global Supplier Preparation Information Management System (GSPIMS), the web application used to manage its global supply chain. The researcher found a backdoor that let anyone log in as any current user knowing only that user’s email address, and eventually escalated to system administrator by capitalizing on “an information disclosure flaw in the system’s API.” This is particularly noteworthy because a bad actor could have used the same method to copy all of the privileged data without making any modifications, which would have been very difficult for Toyota to detect. Read more.