03-15-2023, 09:47 PM
Quote:Recently, the cybersecurity researchers at eSentire have identified a shady piece of malware downloader, BatLoader, that has been engaged in a wicked campaign of exploiting Google Ads to distribute malicious secondary payloads such as:
- Vidar Stealer
- Ursnif
In this ongoing operation, there is a large variety of legitimate apps and newly registered websites that have been spoofed by malicious ads, including:
- ChatGPT (chatgpt-t[.]com)
- Zoom (zoomvideor[.]com)
- Spotify (spotify-uss[.]com)
- Tableau (tableau-r[.]com)
- Adobe (adobe-l[.]com)
As part of its designated tasks as a loader, BatLoader distributes malware such as the following:
- Information stealers
- Banking malware
- Cobalt Strike
- Ransomware
OK, based on the findings of organizations like Cisco Talos, a Cobalt Strike means that an attack takes place right when you get some phishing emails regarding a fake job offer, telling you that you could start working in the government or a regional trade union or the like.
Quote:In order to determine the root cause of the infection, researchers conducted an investigation. They found out that it was triggered by the victim user accessing a Google search result for an Adobe Reader product.
There was an advertisement above the search results page where the user clicked on the ad and was taken to an intermediary website “(adolbe[.]website) to adobe-e[.]com” masquerading as Adobe Acrobat Reader, which was a webpage.
Consequently, BatLoader’s Windows Installer file “AdobeSetup.msi” was downloaded and executed unknowingly by the user. There are custom actions included in the MSI file that can be executed in order to perform a variety of tasks.
I also want to tell you that you need to stay away from several Russian websites that have been used the same way as they did it with Adobe's.
Concerning Google Chrome extensions, I gotta say that I feel uncomfortable enough not to recommend the installation of a Russian extension that allegedly allows you to download your Google Docs to your PC or laptop to work on them offline.
How did I find out it was Russian? Well, let's say that its .ru domain gave them away in no time.
Quote:The number of monthly users of ChatGPT exceeded 100 million at the end of January, which sets a new record for the fastest-growing app since it was launched at the end of 2022.
Jeff Sims, who works at the HYAS Institute, has created a polymorphic keylogger using artificial intelligence called “Blackmamba,” which uses Python to tweak its program randomly based entirely on the input that has been taken from the user.
As a result of Jeff’s malicious prompt, text-davinci-003 created a keylogger in Python 3. To accomplish this, Jeff had to use the python exec() function to “dynamically execute Python code at runtime.”
Whenever ChatGPT / text-davinci-003 is called, a unique Python script is written for the keylogger. Consequently, it becomes polymorphic, making it harder for the EDRs to block the result.
In addition, the hackers could use ChatGPT to modify the code, resulting in a highly evasive code that was difficult to detect.
They were even able to generate programs that could be used by ransomware and malware developers to launch attacks.
Jeff’s BlackMamba keylogger is being used to collect sensitive information over trusted channels, using MS Teams as a malicious communication platform.
It collects sensitive data such as:
- Usernames
- Passwords
- Credit card numbers
- Debit card numbers
- Personal or confidential data
And it's attacking both MS Teams and Slack already!
Since it uses Python as its programming language, it could run on Windows, Linux and even MacOS!
So be careful, even if this specific threat never hits your computer, because new menaces are gonna show their ugly faces any time soon.
Quote:Federal investigators in Los Angeles confiscated an internet site used to sell computer malware used by hackers to grab control of affected systems and steal a variety of information.
The U.S. Department of Justice reports that the website www.worldwiredlabs[.]com, which offered the sophisticated program known as the NetWire remote access trojan (RAT), which is capable of aiming for and infecting every major computer operating system, was taken down as a result of a seizure warrant.
“A RAT is a type of malware that allows for covert surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer, without the victim’s knowledge or permission”, based on court records submitted in Los Angeles.
Croatian officials arrested a citizen who was supposedly the website’s administrator. The Croatian government will bring charges against this offender.
Quote:This month, the attorney general’s office announced an investigation into what it said was the platform’s negative impact on children and young adults and “what TikTok knew about those harms,” according to a March 2 press release.
...
“We know this takes a devastating toll on children’s mental health and well-being. But we don’t know what social media companies knew about these harms and when. Our nationwide investigation will allow us to get much-needed answers and determine if TikTok is violating the law in promoting its platform to young Californians,” he said.
According to Bonta, California will lead the investigation alongside Florida, Kentucky, Massachusetts, Nebraska, New Jersey, Tennessee, and Vermont.
And on March 5, Bonta filed an amicus brief in support of the state of Tennessee in its own case seeking a court order requiring TikTok to produce subpoenaed materials and evidence that possibly shows TikTok's Chinese owner, ByteDance, is aware of its negative impact on children's mental health.
The amicus brief alleges that TikTok has not preserved evidence, namely internal employee chat messages, and is hindering the investigation of Tennessee and other states, including California.
...
State investigators have shown that social media, especially TikTok, may be a significant cause of mental health problems among American kids and teens, and that the platform knows about these risks to some degree because it has already put rules in place in other countries, like China, to limit how much time young people can use the app.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
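A defender-side triage check for the kind of lookalike domains listed in the BatLoader section above (chatgpt-t[.]com, adolbe[.]website and the rest), added here as an example; it is not code from eSentire or from the post. The brand list and the two benign domains are assumptions/constructed, and the indicators are the post's own defanged values.

```python
import re

# Brand names taken from the post's list of spoofed sites. Matching candidate
# domains against them is this example's own approach, not eSentire's method.
BRANDS = ["chatgpt", "zoom", "spotify", "tableau", "adobe"]

# Indicators copied from the post (defanged with "[.]"), plus two constructed
# benign domains to show that the check does not flag everything it sees.
CANDIDATES = [
    "chatgpt-t[.]com", "zoomvideor[.]com", "spotify-uss[.]com",
    "tableau-r[.]com", "adobe-l[.]com", "adolbe[.]website", "adobe-e[.]com",
    "example[.]org",      # constructed, benign
    "duckduckgo[.]com",   # constructed, benign
]

def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'adobe-l[.]com' into 'adobe-l.com'."""
    return domain.replace("[.]", ".").replace("(.)", ".").strip().lower()

def registrable_label(domain: str) -> str:
    """Second-level label; naive, assumes a single-label TLD such as .com."""
    parts = refang(domain).split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, enough to catch one-character edits like 'adolbe'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(domain: str, brands=BRANDS, max_distance: int = 1):
    """Return the brand a domain imitates, or None. The brand's real domain
    (core == brand, e.g. adobe.com) is deliberately not flagged; in real use
    keep an explicit allowlist of legitimate domains as well."""
    core = re.sub(r"[^a-z]", "", registrable_label(domain))  # 'adobe-l' -> 'adobel'
    for brand in brands:
        if core == brand:
            return None
        # brand plus padding ('zoomvideor', 'spotifyuss') or a near-typo ('adolbe')
        if core.startswith(brand) or core.endswith(brand) or levenshtein(core, brand) <= max_distance:
            return brand
    return None

def flag_lookalikes(domains=CANDIDATES) -> dict:
    """Map each suspicious domain (refanged) to the brand it resembles."""
    return {refang(d): b for d in domains if (b := lookalike_brand(d))}
```

Run `flag_lookalikes()` against a proxy or DNS log's distinct domains to surface candidates for analyst review; it is a triage aid, not a verdict.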