Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates.
Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services. The compromised extensions include “Bard AI Chat,” “ChatGPT for Google Meet,” “ChatGPT App,” “ChatGPT Quick Access,” “VPNCity,” “Internxt VPN,” and more, which are used by an estimated total of 2.6 million people.
Read more…
Source: Malwarebytes Labs
Related:
- Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
November 4, 2019
The Nemty ransomware (Ransom.Nemty), initially detected in August 2019, has increased its reach by partnering up with the Trik botnet (Trojan.Wortrik), which now delivers Nemty to compromised computers. Trik, also known as Phorpiex, has been around for approximately 10 years. In its early days, the malware self-propagated via removable USB drives, Windows Live Messenger, or Skype ...
- Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam
November 4, 2019
Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...
- BlueKeep Attacks Have Arrived, Are Initially Underwhelming
November 4, 2019
The wave of BlueKeep attacks that security experts predicted could take down systems globally have arrived, but they are not in showing the form nor the destructive impact experts initially feared. Security researchers have seen evidence of the first wave of attacks on the zero-day Windows Remote Desktop vulnerability revealed by Microsoft in May. At the time experts ...
- Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
November 1, 2019
Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there was a ...
- Stubborn Malware Targets QNAP NAS Hardware Specifically
November 1, 2019
Top-selling network attached storage devices (NAS) made by QNAP Systems are being singled out by attackers, who have crafted malware specifically designed for the vendor’s hardware. Researchers at the Finland’s National Cyber Security Centre (NCSC-FI) reported the targeted attacks late last month, dubbing the malware QSnatch. Once infected, hackers can access the NAS devices and retrieve all ...
- Office for Mac Users Warned of Malicious SYLK Files
November 1, 2019
Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning comes from United States Computer Emergency Readiness Team (US-CERT), which said that ...