Security News

Users looking for ChatGPT apps get malware instead
2023-02-23 15:46

The fake OpenAI pages serving malware have been set up on a variety of domains, and we can expect others still to pop up. Users wanting to try out ChatGPT are advised to go directly to the source, i.e., to look for relevant information on OpenAI's official page.

Clasiopa hackers use new Atharvan malware in targeted attacks
2023-02-23 11:00

The threat actor is being tracked as Clasiopa by Symantec, a Broadcom company, whose analysts found a clue pointing to an Indian threat actor. Symantec's investigation revealed that along with its backdoor, Clasiopa also used legitimate software such as Agile DGS and Agile FD, signed with old certificates.

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency
2023-02-23 10:45

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components.

Hackers use fake ChatGPT apps to push Windows, Android malware
2023-02-22 21:58

Threat actors are exploiting the popularity of OpenAI's ChatGPT chatbot to distribute malware for Windows and Android, or direct unsuspecting victims to phishing pages. Security researcher Dominic Alvieri was among the first to notice one such example using the domain "Chat-gpt-pc.online" to infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.

New S1deload Stealer malware hijacks Youtube, Facebook accounts
2023-02-22 17:27

An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency. Security researchers with Bitdefender's Advanced Threat Control team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

New Stealc malware emerges with a wide set of stealing capabilities
2023-02-20 21:27

A new information stealer called Stealc has emerged on the dark web, gaining traction due to aggressive promotion of its stealing capabilities and its similarities with malware of the same kind, such as Vidar, Raccoon, Mars, and Redline. Stealc has been advertised on hacking forums by a user called "Plymouth," who presented it as a piece of malware with extensive data-stealing capabilities and an easy-to-use administration panel.

GoDaddy admits: Crooks hit us with malware, poisoned customer websites
2023-02-20 19:36

The malware intermittently redirected random customer websites to malicious sites. Redirects are so common that if you hang around web developers at all, you'll hear them referring to them by their numeric HTTP codes, in much the same way that the rest of us talk about "Getting a 404" when we try to visit a page that no longer exists, simply because 404 is HTTP's Not Found error code.

Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks
2023-02-20 05:50

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks. The security feature, available on Samsung Messages and Google Messages, is currently limited to the Samsung Galaxy S23 series, with plans to expand it to other Galaxy smartphones and tablets later this year that are running on One UI 5.1 or higher.

New WhiskerSpy malware delivered via trojanized codec installer
2023-02-18 15:14

Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. The new operation was discovered at the end of last year by researchers at cybersecurity company Trend Micro, who have been tracking Earth Kitsune activity since 2019.

GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
2023-02-18 09:21

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. GoDaddy said in December 2022, it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to the unauthorized third party gaining access to servers hosted in its cPanel environment.