DEV Community

Cover image for Security news weekly round-up - 18th October 2024
Habdul Hazeez
Habdul Hazeez

Posted on

Security news weekly round-up - 18th October 2024

Introduction

We're currently living in the so-called AI bubble. AI here and there and the rise of the phrase: AI won't replace you but someone that knows how to use AI will. Yes, that's a bit of a digression from the theme of this review. But, I just thought I sprinkle something different once in a while, just you know, I have no idea 😊.

Fine, let's come back. This edition of our weekly security news review is dominated by two topics that we've covered in almost every edition; malware and phishing. And we have a new form of phishing called quishing.

Let's go.


OpenAI confirms threat actors use ChatGPT to write malware

First of all, I am not surprised. I have always believed that any tool developed by man for good reasons will be misused. And history has proven that times without numbers. But with Generative AI, it gets scary. It gives low-skilled actors the tools to do bad stuff. They don't have to explicitly say "I want to write malware, can you teach me?"

Divide and conquer, bits by bits you prompt the AI, and the results could be something really dangerous. Such is the case here and OpenAI, based on the report that was referenced in the article, suspended the suspicious account of the threat actors.

Here is a quick excerpt from the article:

The report, which focuses on operations since the beginning of the year, constitutes the first official confirmation that generative mainstream AI tools are used to enhance offensive cyber operations.

The first signs of such activity were reported by Proofpoint in April, who suspected TA547 (aka "Scully Spider") of deploying an AI-written PowerShell loader for their final payload, Rhadamanthys info-stealer.

TrickMo malware steals Android PINs using fake lock screen

Talk about creativity in a really bad sense, it's this. The design of the lock screen can trip you if you're a potential victim. Moreover, since it's a banking Trojan, the victim can suffer financial losses. This also shows you how far threat actors are willing to go just to sit down somewhere around the world and take your hard-earned money from you.

Stay safe. Never stop learning about cyber security and read the excerpt below.

Zimperium analysts dissecting these new variants also report a new deceptive unlock screen mimicking the real Android unlock prompt, designed to steal the user's unlock pattern or PIN.

"The deceptive User Interface is an HTML page hosted on an external website and is displayed in full-screen mode on the device, making it look like a legitimate screen," explains Zimperium.

"When the user enters their unlock pattern or PIN, the page transmits the captured PIN or pattern details, along with a unique device identifier (the Android ID) to a PHP script."

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

There is the probability that you're not using an electric car, or maybe you're planning on getting one. Nonetheless, you should be aware of this attack. Here is how it works: cyber criminals place a fraudulent QR code over the real one at charging stations. When you scan the code in an attempt to pay for the charge, you're directed to a phishing page that's designed to harvest your payment details.

This begs the following question: how do protect yourself from this attack? The answer: if you can use other payment means, use it. Finally, there is no excerpt for this one. You need to read the article. So what are you waiting for? Go ahead and come back and finish the review. I am waiting!

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

All the malware that we have talked about so far are all about stealing money. This one is no different. To complicate issues, it targets both Windows and Linux systems. Furthermore, it's allegedly on behalf of a nation-state.

Here is what's going on:

It's designed to intercept and modify ISO 8583 transaction messages used for debit and credit card processing in order to initiate unauthorized fund withdrawals.

Specifically, it entails manipulating declined (magnetic swipe) transaction messages due to insufficient funds for a predefined list of cardholder account numbers and approving them to withdraw a random amount of funds in Turkish Lira.

Over 200 malicious apps on Google Play downloaded millions of times

At the time of writing, it seems all the infected applications have been removed from the Play Store. Nonetheless, it reminds me of the statement: No system is safe.

To protect yourself from applications like these, you can take the following preventive measures highlighted in the article:

To minimize the chances of getting infected by malware from Google Play, users are advised to read reviews from others to see what problems have been reported and check the application publisher.

Users should also check the permissions requested at installation time and abort the process if the app requires permissions that do not fit its activity.

Be Aware of These Eight Underrated Phishing Techniques

Cybersecurity awareness and education are important irrespective of your industry. This article is a proof. I highlighted these phishing techniques below and a summary of how they work.

  1. SEO Poisoning — Optimizing phishing websites for SEO or hijacking a Google business listing leading unsuspecting victims to reach out under the pretext that they are communicating with an authorized representative.
  2. Paid Ad Scams — Attackers use display advertising, pay-per-click advertising, and social media advertising to promote their ads and target users, leading victims to visit malicious websites, download malicious applications, or unwittingly share credentials
  3. Social Media Phishing — They can create fake accounts, mimic trusted contacts, celebrities or politicians, in hopes of luring users to engage with their malicious content or messages.
  4. QR Code Phishing — Attackers affix malicious QR codes on posters, menus, flyers, social media posts, fake deposit slips, event invitations, parking meters and other venues, tricking users into scanning them or making an online payment.
  5. Mobile App Phishing — Basically, scammers distribute or upload malicious applications on mobile app stores
  6. Call Back Phishing — As the name suggests, call back phishing is a social engineering technique whereby attackers encourage users to dial back to a fraudulent call center or a helpdesk.
  7. Cloud-based Phishing Attacks — They exploit cloud storage services like Amazon and IBM to host websites containing spam URLs and distribute them via text messages
  8. Content Injection Attacks — Software, devices, applications and websites commonly suffer from vulnerabilities. Attackers exploit these vulnerabilities to inject malicious content into code or content, manipulate users to share sensitive data, visit a malicious website, make a call-back request or download malware.

Fake Google Meet conference errors push infostealing malware

Any Google Meet link that's saying that there is an issue with your headset or microphone is a BIG RED FLAG. Walk away immediately; it's a trap. What's more, the links (which are fake), look like actual Google Meet links.

Stay safe, and read the article.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

Top comments (0)