Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker. Show all posts
python
Blockchain cryptocurrency Cyber Attacks Cybersecurity GitHub Hacker JavaScript Linkedin malware python

North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.
Read more »
WiFi
Bank Security Cyber Attacks Hacker Personal Data WiFi

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have overcome your wi-fi. A hacker can access all of your sensitive information through your wifi in a number of methods, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can do. Downloading antivirus software would help prevent those hackers from getting near you.

Read more »
North Korea
Cyber Security Digital Vigilante Geopolitical Intrigue Hacker North Korea

Alejandro Caceres: The Vigilante Hacker Who Took Down North Korea’s Internet

Alejandro Caceres: The Vigilante Hacker Who Took Down North Korea’s Internet

In the shadowy world of cybersecurity, where nation-states and rogue actors engage in digital warfare, one man stood out—a vigilante hacker named Alejandro Caceres. His audacious mission: was to take down North Korea’s internet infrastructure. 

Caceres launched a one-man cyberwar that disrupted every publicly visible website in North Korea, keeping them offline for over a week. But who was this mysterious figure, and what drove him to such extreme measures?

The Unlikely Hero

Alejandro Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, hardly fits the profile of a cyberwarrior. Yet, his personal vendetta against North Korean spies pushed him to the brink. 

Having been targeted by North Korean agents earlier, Caceres reported the incidents to the FBI, only to receive no government support. Frustrated and disillusioned, he decided to take matters into his own hands. His mission: to send a message to Kim Jong Un’s regime that messing with American hackers would have consequences.

The Pseudonym: P4x

As Caceres executed his attack, he adopted the pseudonym “P4x.” The name was a clever nod to his intention: to force peace with North Korea through the threat of his own punitive measures. 

By hiding behind this moniker, he hoped to evade both North Korean retaliation and potential criminal hacking charges from his own government. P4x became the faceless avenger, a digital vigilante with a singular purpose.

The Tools of the Trade

Armed with custom-built programs and cloud-based servers, Caceres disrupted North Korea’s internet infrastructure. His attacks were intermittent, calculated, and relentless. Publicly visible websites blinked out of existence, leaving the regime scrambling for answers. 

Caceres provided screen-capture videos and real-time evidence of his disruption, all while remaining hidden in his coastal Florida home. 

The Power of One

Caceres’ story underscores the power of a single individual in the vast digital landscape. In a world dominated by nation-states and cyber armies, he stood alone against North Korea. His actions were audacious, risky, and morally ambiguous. Was he a hero or a rogue? The answer, perhaps, lies in the gray areas of cyberwarfare.

The Message

As North Korea’s internet flickered and faltered, Caceres sent a message: No one is untouchable. Even the most secretive regime could be disrupted by a determined hacker. His personal vendetta had transformed into a geopolitical statement. The world watched as North Korea’s cyber defenses crumbled, and P4x became a legend.

Read more »
WormGPT
Artificial Intelligence ChatGPT Cyberactivity Cybersecurity Hacker Technology WormGPT

Evil Unleashed: Meet WormGPT Chat's Wicked Twin

 


Over 100 million users have signed up for ChatGPT since it launched last year, making it one of the top ten most popular apps in the world. Artificial intelligence has taken the world by storm in recent years with OpenAI's chatbots. In the wake of Bing Chat and Google Bard, Microsoft and Google have created follow-up products inspired by Bing Chat. A revolutionary AI is in town - WormGPT, which you could say is here to make your life easier, but it's not here to help you. 

A worm-like AI chatbot called WormGPT has not been designed to bring amusingly wriggly invertebrate AI assistance to the feline-specific ChatGPT, but rather to provide a fun twist on the traditional chatbot. It's a far more malicious and unethical tool that is designed without ethics to be of any use to anyone. A popular advantage of this product is that it boosts productivity, raises effectiveness, and lowers the entry barrier for your average cybercriminal to gain access.  

A hacker came up with WormGPT which is an artificial intelligence (AI) model used to create a malicious computer program. It poses a lot of danger to individuals and companies alike. It is imperative to note that WormGPT is different from its counterpart, ChatGPT, which is designed to help. ChatGPT has an excellent intention, whereas WormGPT is designed to attack large amounts of people. 

This "sophisticated AI model," independently verified by cyber security firm SlashNext, was malicious. SlashNext alleges that the model was trained using a wide range of data sources, with a specific focus on malware-related data as part of its data-gathering process. In the case of GPT-J programming language software, the risks associated with AI modules can be exemplified by the threat of harming even those not well-versed in them.

Researchers from the International Center for Computer Security conducted experiments using phishing emails to better understand WormGPT risks. Despite being highly persuasive, the model also showed strategic cunning to generate persuasive emails. This was strategic. It is important to note that this indicates that sophisticated phishing attacks and business email compromises (BECs) are possible. 

In the last couple of years, experts, government officials, and even the creator of ChatGPT, along with the developers of WormGPT have recognized the dangers of AI tools such as ChatGPT and WormGPT. Their point of view has been that the public must be protected from misuse of these technologies through the adoption of regulations. There have also been warnings from Europol, the international organization that is meant to support law enforcement authorities in preventing the misuse of large language models (LLMs) such as ChatGPT for fraud, impersonation, and social engineering purposes. 

The primary concern with AI tools such as ChatGPT is their ability to automatically generate highly authentic text in response to a user prompt, which is what makes them so appealing to researchers.

The fact that they are so popular for phishing attacks makes them extremely useful. Phishing scams used to be very easy to detect because they had obvious grammatical and spelling errors that allowed them to be detected readily. The major advancement in artificial intelligence has provided a powerful tool for impersonating organizations and people in an extremely realistic manner, thanks to advances in AI. The above situation is even true for those who understand English at a basic level. 

The acquisition of WormGPT Large Language Model (LLM) style ChatGPT for only $60 a month on the dark web has now made it possible to access WormGPT services. Without any ethical or moral limits, it is now possible to access its services. The chatbot is a version of degenerate generative artificial intelligence; in other words, it is not subject to the same filters as its counterpart – the ChatGPT – that is imposed by corporations such as Google, Facebook, and even OpenAI. NordVPN's IT security experts have already described ChatGPT as the "evil twin" of ChatGPT.

It is probably the most powerful hacking tool available in the world at the moment. The WormGPT tool was designed by a skilled hacker who built it on top of open-source LLM GPT-J as of 2021. 

During the testing process of WormGPT, SlashNext discovered some disturbing results that need to be addressed. A phishing email would be very difficult for a human to detect since it is so convincing, but WormGPT went above and beyond just to come up with something convincing, it even put together a very sophisticated way of combining all the phishing email elements to deceive potential victims. 

The purpose of WormGPT is to protect your computer from any sort of attack by your adversaries. WormGPT was able to achieve this through a series of cat-and-mouse games with OpenAI, which Adrianus Warmenhoven explained to us. It can be said that this is the result of a company trying to circumvent the ever-expanding provisions imposed by the government. This is to protect itself from legal liability. It was a method used by the LLM to impart information on illegal activity into seemingly innocuous texts, such as family letters and other correspondences, as part of the training process. 

Cybercriminals will no longer have to be restricted to subverting Open AI, as explained by the expert. With WormGPT they will no longer be required to do so. As a result, they can effectively make this technology evolve based on their own needs, and this, in turn, will transform the world of Artificial Intelligence into a true wild west that is becoming increasingly populated by humans. 

It is without a doubt that they will have to choose from an array of ever-advancing, ever-improving models being offered to ne'er-do-wells shortly, with the first AI chatbot the majority of ne'er-do-wells will have to use to assist them with their criminal acts. 

There is no doubt that Artificial Intelligence will become an increasingly important tool in preventing AI-generated cybercrime in the coming years, resulting in a race to see which side can more proficiently answer its questions. 

As of now, there are 90 seconds left until midnight on the clock of doomsday. This is due to the rapid adoption of disruptive technologies by humans. As a result, the doomsday clock that monitors our internet security might as well be in the middle of the night shortly. The only likely outcome as two disruptive forces collide on the digital landscape is mutually assured destruction, so perhaps it's time to all climb into our antivirus Anderson shelters and fill our bellies with MRE Malwarebytes.
Read more »
Vulnerabilities and Exploits
Customer Data data security Flaws Hacker Security Security flaw Vulnerabilities and Exploits

Major Experian Security Vulnerability Exploited, Attackers Access Customer Credit Reports

 

As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in the URL bar. 

Jenya Kushnir, a cybersecurity researcher, discovered the vulnerability on Telegram after monitoring hackers selling stolen reports and collaborated with KrebsOnSecurity to investigate it further. The concept was straightforward: if you had the victim's name, address, birthday, and Social Security number (all of which could be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the information to request one.

The website would then redirect you to the Experian website, where you would be asked to provide more personally identifiable information, such as questions about previous addresses of living and such.
And this is where the flaw can be exploited. 

There is no need to answer any of those questions; simply change the address displayed in the URL bar from "/acr/oow/" to "/acr/report," and you will be presented with the report. While testing the concept, Krebs discovered that changing the address first redirects to "/acr/OcwError," but changing it again worked: "Experian's website then displayed my entire credit file," according to the report.

The good news (if it can be called that) is that Experian's reports are riddled with errors. In the case of Krebs, it contained a number of phone numbers, only one of which was previously owned by the author.

Experian has remained silent on the matter, but the issue appears to have been resolved in the meantime. It's unknownfor how long the flaw was active on the site or how many fraudulent reports were generated during that time.
Read more »
Twitter Data Breach
BBC Data Breach Hacker Stolen Data. Twitter users Twitter Twitter Data Breach

Ryushi Demanding Ransom Worth $200,00 For Breached Data


In a recent case of a Twitter data breach, the hacker named “Ryushi” demanded a ransom worth $200,000 to hand over the stolen data of 400 million users. 

In regard to this, a probe has been launched by Ireland’s watchdog. According to the Data Protection Commission (DPC) it "will examine Twitter's compliance with data protection law in relation to that security issue." 

As per the reports, Twitter did not comment on this claim yet, nor did it respond to the press inquiries regarding the claimed breach. 

The stolen data apparently includes victims’ phone numbers and emails, including that of some celebrities and politicians. While the exact size of the haul is yet to be confirmed, only a small “sample” has been made public thus far.  

Several Hints May Prove the Claim 

A cybercrime intelligence firm 'Hudson Rock' was the first to bring up the issue of the sale of stolen data. One of the company's chief technology officers told BBC that several hints seemed to back up the hacker's assertion. 

The data did not seem to have been copied from some earlier breach, where the details were made public from 5.4 million Twitter accounts. 

Out of the 1,000 sample emails provided by the hacker in the earlier incident, only 40 emails appeared, "so we are confident that this breach is different and significantly bigger," the officer said.

Additionally, Mr. Gal noted: "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." An escrow service is a third party that agrees to release funds but only after certain conditions are met (for example handing over data)  

The hacker has said that the breached data was obtained and gathered by taking advantage of a vulnerability in the system, that enables computer programs to connect with Twitter. 

The DCP on the other hand announced that it was investigating the earlier breach that took place on December 23, 2022. Moreover, media reports assert that the hacker is in fact aware of the loss and potential damage the breached data can do.  

Read more »
WordPress
API Apple CMS Data Breach Hacker Password Hacking Twitter User Privacy WordPress

Data Breach Targets Fast Company News

Fast Company's Apple News website currently displays a statement from the business confirming that it was hacked on Sunday afternoon, followed by another intrusion on Tuesday night that let threat actors to send bigoted notifications to smartphones via Apple News.

In a press release issued last night, the company claimed that "the statements are repulsive and are not by the contents and culture of Fast Company.  We have suspended FastCompany.com while we look into the matter and will not reopen it until it is resolved."

As soon as individuals on Twitter noticed the offensive Apple News notifications, the company disabled the Fast Company channel on the news network.

Data breach tactics

The website's webpage started to load up with articles headlined "Hacked by Vinny  Troia. [redacted] tongue my [redacted]. Thrax was here. " on Sunday afternoon, which was the first indication that Fast Company had been compromised.

In their ongoing dispute with security analyst Vinny Troia, members of the breached hacking group and the now-defunct RaidForums regularly deface websites and carry out attacks that they attribute to the researcher. Fast Company took the website offline for a while to address the defacement, but on Tuesday at around 8 PM EST, another attack occurred.

Hackers claim that after discovering that Fast Company was using WordPress for their website, they were able to compromise the company. The HTTP basic authentication which was supposed to have protected this WordPress installation was disregarded. The threat actor goes on to claim that they were able to enter the WordPress content management system by utilizing a relatively simple default password used on dozens of users.

Fast Company, according to the post, had a 'ridiculously easy' default password that was used on numerous accounts, including an admin account. The compromised account would have then been utilized by the threat actors to gain access to, among other things, authentication tokens and Apple News API credentials.

They assert that by using these tokens, they were able to set up administrator accounts on the CMS platforms, which were then used to send notifications to Apple News.

Threat actors gained access to an undefined number of customer names, birthdates, contact numbers, email, physical addresses, and personal documents, including license and passport numbers, through this same forum, which was at the center of the previous Optus breach. The hacker in question claims to have made 10,200 records available thus far. It's uncertain whether or when Apple News would reactivate the Fast Company channel.



Read more »
Safety
Cyber Security Decryption Key Developers Experiment Hacker Packages python Safety

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

 

An apparently school-age hacker from Verona, Italy, has become the latest to highlight why developers must be cautious about what they download from public code repositories these days. As an experiment, the teenage hacker recently posted many malicious Python packages containing ransomware programmes to the Python Package Index (PyPI). 

The packages' names were "requesys," "requesrs," and "requesr," which are all typical misspellings of "requests," a valid and extensively used HTTP library for Python. According to the Sonatype researchers who discovered the malicious code on PyPI, one of the packages (requesys) was downloaded around 258 times — probably by developers who made typographical errors when attempting to download the genuine "requests" package. 

The bundle included scripts for exploring directories such as Documents, Pictures, and Music. One version of the requesys package included plaintext Python encryption and decryption code. However, a later version included a Base64-obfuscated executable, making analysis more difficult, according to Sonatype. 

Developers whose systems were encrypted received a pop-up notice urging them to contact the package's author, "b8ff" (aka "OHR" or Only Hope Remains), on his Discord channel for the decryption key. According to Sonatype, victims were able to receive the decryption key without having to pay for it. 

"And that makes this case more of a gray area rather than outright malicious activity," Sonatype concludes. 

Information on the hacker's Discord channel shows that at least 15 victims had installed and run the package. According to the company, Sonatype identified the virus on July 28 and promptly reported it to PyPI's authorities. Two of the packages have subsequently been deleted, and the hacker has renamed the requesys package so that developers do not confuse it with a valid programme. 

"There are two takeaways here," says Sonatype's Ankita Lamba, senior security researcher. First and foremost, be cautious while spelling out the names of prominent libraries, as typosquatting is one of the most prevalent malware attack tactics, she advises. Second, and more broadly, developers should always use caution when obtaining and integrating packages into their software releases. Open source is both a necessary fuel for digital innovation and an attractive target for software supply chain threats, explains Lamba.

Following the newest finding, Sonatype researchers contacted the creator of the malicious code and discovered him to be a self-described school-going hacker who was evidently fascinated by exploits and the simplicity with which they might be developed.

According to Lamba, b8ff assured Sonatype that the ransomware software was totally open source and part of a hobby project.

"As they are a school-going 'learning developer,' this was meant to be a fun research project on ransomware exploits that could have easily gone much further astray," Lamba says. "The author went on to say that they were surprised to see how easy it was to create this exploit and how interesting it was."
Read more »
Subscribe to: Posts (Atom)