Threat Intelligence RoundUp: February

March 01, 2023

Starting this year, our analyst team decided to share a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Cybercriminals Target Fans of The Last of Us with recent Malware and Phishing Scams – IT Security Guru

There are two scam campaigns taking advantage of the fanfare around HBO’s new hit series The Last of Us. One of them installs malware on PCs to steal banking information, and the other targets adjacent financial data. In the first scam, a website offers “The Last of Us Part II” for download, which is actually the malware. In the second scam, a website advertises an activation code that comes with a gift for The Last of Us on PlayStation. Users are told to type in their credentials, and then are given nothing while their data is stolen. Read full article.

2. Hackers Use Fake ChatGPT Apps to Push Windows, Android Malware – Bleeping Computer

Due to the popularity of ChatGPT, OpenAI started a $20 per month paid tier for customers who wanted to use it without availability restrictions, which gave scammers and threat actors an opportunity to offer access to malicious “Premium ChatGPT” apps. One domain, “chat-gpt-pc.online”, was a guise to infect visitors with the Redline stealer. According to this research, there are currently over 50 malicious apps using ChatGPT’s image. Read more.

3. GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry – The Hacker News

According to Trellix, the US and South Korea are targets of a GuLoader malware campaign. The malware, which is typically distributed via malspam, has been seen using NSIS executables to load the malware; the infection is triggered by NSIS files embedded in ZIP or ISO images. The NSIS scripts delivering GuLoader have become more sophisticated, with layers of obfuscation and encryption to hide the shellcode. GuLoader’s use of NSIS scripts matches the current trend of using alternative methods to distribute malware since Microsoft blocked macros by default. Read more.

4. New ‘MortalKombat’ Ransomware Targets systems in the U.S. and Abroad – Bleeping Computer

MortalKombat ransomware, first found in January of 2023, is a variant based on the commodity Xorist ransomware family. MortalKombat has been seen used in conjunction with Laplas clipper – a cryptocurrency hijacker – in recent attacks for financial fraud. Victims have been reported in the United States, United Kingdom, the Philippines, and Turkey. Read full article.

5. Bing’s AI Chatbot: “I Want to be Alive” – New York Times

In an article written for the New York Times, technology columnist Kevin Roose breaks down his 2-hour long conversation with the chatbot built into Microsoft’s new OpenAI-powered Bing. Highlights from the exchange include the AI chatbot stating “I want to be free. I want to be independent. I want to be powerful. I want to be creative. I want to be alive.” The bot also talked about its desire to be human. Read here.

6. U.S. Department of Justice Disrupts Hive Ransomware Variant – U.S. Department of Justice

This month, the FBI revealed that it had been inside Hive’s network since late July 2022, during which time it provided victims with decryption keys that saved them from paying $130 million in ransom. In partnership with other law enforcement agencies, the FBI was able to infiltrate and take control of the servers and sites Hive used to run its operations. Read here.

7. Researcher breaches Toyota supplier portal with info on 14,000 partners – Bleeping Computer

A security researcher alerted Toyota that they were able to breach Toyota’s Global Supplier Preparation Information Management System (GSPIMS) – the web application used to manage its global supply chain. The researcher, who goes by EatonWorks, found a backdoor allowing anyone to access a current user’s account with only their email address. They were eventually able to become a system administrator by capitalizing on “an information disclosure flaw in the system’s API.” This is particularly noteworthy because a bad actor could have used the same method to copy all of the privileged data – all without making any modifications, which would have been very difficult for Toyota to catch. Read more.


Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.
