Security education can go a long way. It can help companies and users patch their vulnerable systems and be aware of the threats that are out there. The results? A better security posture.
In this week's review, we have the usual suspects: malware and phishing. And in the mix, we have some more news.
How AI Assistants are Moving the Security Goalposts
It is a funny title from Brian Krebs. Meanwhile, it should sound the security alarm within you if you have been following the trend of OpenClaw since its release. We can go all day talking about it, but the following is what I want you to take away from the article.
Jamieson O’Reilly is a professional penetration tester and founder of the security firm DVULN. In a recent story posted to Twitter/X, O’Reilly warned that exposing a misconfigured OpenClaw web interface to the Internet allows external parties to read the bot’s complete configuration file, including every credential the agent uses — from API keys and bot tokens to OAuth secrets and signing keys.
With that access, O’Reilly said, an attacker could impersonate the operator to their contacts, inject messages into ongoing conversations, and exfiltrate data through the agent’s existing integrations in a way that looks like normal traffic.
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
The good news is that they have patched it. Now, we should worry: what other attacks can researchers devise against these types of web browsers? Time will tell.
Here is what happened:
The research builds on prior techniques like VibeScamming and Scamlexity, which found that vibe-coding platforms and AI browsers could be coaxed into generating scam pages or carrying out malicious actions via hidden prompt injections.
In other words, with the AI agent handling the tasks without constant human supervision, there arises a shift in the attack surface wherein a scam no longer has to deceive a user. Rather, it aims to trick the AI model itself.
14,000 routers are infected by malware that’s highly resistant to takedowns
Here, resistant to takedown means, one of the ways to get rid of the malware if you're infected, is to perform a factory reset!.
From the article:
The malware—dubbed KadNap—takes hold by exploiting vulnerabilities that have gone unpatched by their owners, Chris Formosa, a researcher at security firm Lumen’s Black Lotus Labs, told Ars.
The high concentration of Asus routers is likely due to botnet operators acquiring a reliable exploit for vulnerabilities affecting those models. He said it’s unlikely that the attackers are using any zero-days in the operation.
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
When you read the article's title, you can be certain of one thing: the malware families are used to steal people's money. One of the malware — PixRevolution — steals money in such a way that it's difficult for the victim to know what happened.
From the article:
The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT.
PixRevolution, according to Zimperium, targets Brazil's Pix instant payment platform, hijacking victims' money transfers in real-time to route them to the threat actors instead of the intended payee.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)