Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates.
Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services. The compromised extensions include “Bard AI Chat,” “ChatGPT for Google Meet,” “ChatGPT App,” “ChatGPT Quick Access,” “VPNCity,” “Internxt VPN,” and more, which are used by an estimated total of 2.6 million people.
Read more…
Source: Malwarebytes Labs
Related:
- Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app
April 29, 2020
A group of nearly 175 UK academics has criticised the NHS’s planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. In the open letter published this afternoon, the 173 scholars called on NHSX, the state-run health service’s app-developing and ...
- Remote spring: the rise of RDP bruteforce attacks
April 29, 2020
With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the ...
- Hiding in plain sight: PhantomLance walks into a market
April 28, 2020
In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims’ money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back to December 2015. We found ...
- Spies Urged To Adopt AI To Counter Augmented Threats
April 28, 2020
UK’s intelligence agencies must use artificial intelligence to repel increasingly sophisticated cyber-attacks and disinformation campaigns, finds study The UK’s foes are likely to use artificial intelligence to augment future threats, a study has warned, arguing that Britain’s intelligence forces must adopt the technology to keep pace. The study, commissioned by GCHQ and conducted by the Royal United Services Institute, ...
- Anatomy of Formjacking Attacks
April 27, 2020
The rise of the Internet has contributed positively in many ways to people’s lives and you can find almost any service on the internet now. However, the convenience of the internet also opens a gate to use malware to steal people’s confidential information, and unfortunately, more and more malware authors are taking advantage of this. Formjacking, ...
- Single Malicious GIF Opened Microsoft Teams to Nasty Attack
April 27, 2020
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF ...