Malware is not going anywhere anytime soon because as good developers sit down to create useful software and applications, bad developers create malicious software. Now, with the popularity of Artificial Intelligence tools and services, we have come to discover that we need to be careful what we share with these systems if we intend to preserve our privacy online.
With my opening statement, you can infer the two talking points of our review. If you are still not sure, they are malware and privacy issues related to Artificial Intelligence.
I am your host Habdul Hazeez. Let's do a review.
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
The article title alone shows us what's possible: attackers are using Large Language Models like GPT-4 in their workflows. Mind you, we are barely three years into the ever-growing adoption of AI in various industries, and it's clear that malicious actors are not lagging behind. Moreover, the excerpt below shows that I am not alone in this assessment.
The enterprise adoption of generative AI tools isn't just reshaping industries – it is also providing fertile ground for cybercriminals, who are using them to pull off phishing scams, develop malware, and support various aspects of the attack lifecycle.
According to a new report from Trend Micro, there has been an escalation in social engineering campaigns harnessing AI-powered site builders like Lovable, Netlify, and Vercel since January 2025 to host fake CAPTCHA pages that lead to phishing websites
Here’s how potent Atomic credential stealer is finding its way onto Macs
A sincere piece of advice to myself and to you, my readers: let's make an effort to download the applications that we need by typing the address of the official website in our web browser's address bar and hitting the Enter key to navigate there. By doing this, we at least avoid downloading malicious applications after following advertisements shown in search engine results.
Why give such advice, you may ask? The reason is simple: those advertisements are what's fueling this attack, which caused LastPass to raise awareness and led to the article that we are reviewing.
The following is a quick takeaway from the article:
The compromise indicators LastPass provided listed other software or services being impersonated as 1Password, Basecamp, Dropbox, Gemini, Hootsuite, Notion, Obsidian, Robinhood, Salesloft, SentinelOne, Shopify, Thunderbird, and TweetDeck.
Typically, the ads offer the software in prominent fonts. When clicked, the ads lead to GitHub pages that install versions of Atomic that are disguised as the official software being falsely advertised.
Watch out for SVG files booby-trapped with malware
The article is a clear warning. You might think: malware in SVG? Yes, it's true. Also, attackers rely on social engineering to trick you into opening it. The excerpt below shows how the attack unfolds.
The attacks rely on social engineering, with victims receiving emails that are dressed up to look as though they come from trusted institutions. The messages have an aura of urgency
The end goal of the multi-stage campaign is to install AsyncRAT, a remote access trojan (RAT) that, as also described by ESET researchers, lets attackers remotely monitor and control compromised devices.
Neon, the No. 2 social app on the Apple App Store, pays users to record their phone calls and sells data to AI firms
I could not believe it when I read the article's title. I mean: throwing away your privacy for cash? Who does that? To make matters worse, that voice can be used for fraud! Or, what if they suffer a data breach? Let's not go there.
I am not giving any excerpt for this one. I encourage you to read the article.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.