AI phishing attacks: what to watch for.

Jul 17 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that gives cybercriminals the uno reverse card.

Today’s hottest cyber security stories:

  • 🪱WormGPT lets cybercriminals launch sophisticated phishing attacks with AI 🤖

  • 🤖 New SOHO router botnet AVrecon infects 70k devices in 20 countries 🌎

  • 🔑 AIOS WordPress plugin stores users’ passwords in plaintext 📙

Worms Armageddon!

Imagine a world where AI isn't just used for good but is also harnessed by mischievous minds for their wicked schemes. No need to imagine, unfortunately.

Enter WormGPT, the mischievous cousin of GPT models, ready to take the cybercrime scene by storm!

According to the detectives at SlashNext, WormGPT is a cunning cybercrime tool that has made its grand entrance on the dark corners of the internet.

It boasts incredible powers to launch devilishly sophisticated phishing attacks and those pesky business email compromises we all love to hate.

Security researcher extraordinaire, Daniel Kelley, warns that this tool automates the creation of hyper-realistic scam emails, customised to fool even the sharpest minds out there. Brace yourselves, folks, cybercriminals just got a turbo boost!

The audacious mastermind behind WormGPT claims it's the "ultimate rival" to the infamous ChatGPT. Yes, you heard it right, it lets you dive into the forbidden realm of illegal activities. Don't say we didn't warn you!

Our beloved AI defenders, OpenAI's ChatGPT and Google's Bard, are scrambling to thwart the misuse of their impressive language models. However, it seems Bard's defences are a tad weaker than ChatGPT's, making it a playground for miscreants.

So, fellow cyber detectives, brace yourselves for the rise of WormGPT! With its incredible powers of deception, it might just become the ultimate weapon in the hands of cyber evildoers.

But fear not, for the cyber defenders are working tirelessly to keep the internet a safer place. Until next time, stay vigilant and keep those firewalls blazing!


SOHO what?

Cybersecurity experts have uncovered a relentless malware strain that has silently plagued small office/home office (SOHO) routers for over two years.

Brace yourselves for the havoc caused by AVrecon, the newest addition to the notorious SOHO router-targeting botnets!

Lumen Black Lotus Labs, the guardians of digital realms, have christened this menacing malware "AVrecon," joining the ranks of its predecessors, ZuoRAT and HiatusRAT. But beware, my friends, for AVrecon takes the crown as one of the largest SOHO router-targeting botnets ever observed.

The primary motive behind this devious campaign seems to be the establishment of a covert network, facilitating a range of criminal activities, from password spraying to digital advertising fraud. A silent criminal empire is being built right under our noses!

This nefarious infection has spread its roots across 20 countries, with the majority of victims hailing from the United Kingdom and the United States.

But AVrecon's reach extends to Argentina, Nigeria, Brazil, Italy, Bangladesh, Vietnam, India, Russia, South Africa, and more. No corner of the world is safe from its clutches!

Astoundingly, AVrecon has largely evaded detection until now, even though Kaspersky's senior security researcher, Ye (Seth) Jin, first unveiled its true nature in May 2021. This silent infiltrator has been lurking in the shadows, unnoticed by our digital defences.

The attack strategy, unravelled by the vigilant team at Lumen, involves infecting the victim's SOHO router, extracting crucial information, and relaying it to an embedded command-and-control (C2) server.

AVrecon also hunts down any existing malware by examining processes on port 48102, eliminating competition to reign supreme.
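One thing a defender can do with the port detail above is check what is actually bound to it on a router or gateway. The following is an added example, not Lumen's tooling: it parses iproute2-style `ss -lntp` listener output (the format is assumed from that tool) and reports any local process bound to a watched port, defaulting to TCP 48102. The sample output embedded below is constructed for the demo, including the process name on the flagged line.

```python
"""Report local processes listening on watched ports (default: TCP 48102).

Added example. Assumes the line layout of `ss -lntp` from iproute2; the
SAMPLE_SS_OUTPUT fixture is constructed and does not come from a real device.
On a live box you would feed in subprocess.run(["ss", "-lntp"], ...).stdout.
"""
import re

# Constructed sample of `ss -lntp` output; "example-bin" on 48102 is made up.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=512,fd=3))
LISTEN  0       128     127.0.0.1:53         0.0.0.0:*          users:(("dnsmasq",pid=640,fd=5))
LISTEN  0       10      0.0.0.0:48102        0.0.0.0:*          users:(("example-bin",pid=1337,fd=7))
LISTEN  0       128     [::]:80              [::]:*             users:(("uhttpd",pid=700,fd=4))
"""

# Extracts the first ("name",pid=N ...) pair from the Process column.
_PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def parse_listeners(text):
    """Return a list of (local_addr, port, process_name, pid) for LISTEN rows.

    The header row and any non-LISTEN rows are skipped. IPv6 addresses such
    as [::]:80 are handled by splitting on the last colon only.
    """
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")
        m = _PROC_RE.search(line)
        name = m.group("name") if m else None
        pid = int(m.group("pid")) if m else None
        results.append((addr, int(port), name, pid))
    return results


def flag_ports(text, watch_ports=(48102,)):
    """Return only the listeners bound to one of the watched ports."""
    return [entry for entry in parse_listeners(text) if entry[1] in watch_ports]


if __name__ == "__main__":
    for addr, port, name, pid in flag_ports(SAMPLE_SS_OUTPUT):
        print(f"watched port {port} bound on {addr} by {name} (pid {pid})")
```

A hit on 48102 is a lead to investigate, not proof of infection: confirm which binary the PID runs from and whether that port is expected on the device before acting on it.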

Prepare yourselves, dear readers, as the battle against AVrecon intensifies. The fight to safeguard our digital infrastructure has never been more crucial.

Stay vigilant, update those firewalls, and protect your SOHO routers from this cunning adversary!

🗞️ Extra, Extra! Read all about it 🗞️

Each week, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💸 Millionaire Habits: Learn how to steal the simple habits of millionaires in 3 minutes or less, straight from your inbox

  • 🤯 Bot Eat Brain: Teaches how to harness the awesome power of AI whilst avoiding common pitfalls.

  • 💅 Stand the f*ck out: Anxious about AI, wary customers, and rising competition? This on-trend newsletter could be just the ticket.

Let us know what you think!

Adios, AIOS

A popular security plugin called All-In-One Security (AIOS) for WordPress websites recently released a security update due to a bug in version 5.1.9.

This bug caused users' passwords to be stored in the website's database as plain text.

The maintainers of AIOS, UpdraftPlus, explained that if a malicious site administrator (someone who is already logged in as an admin) gained access to the database, they could read these passwords.

This could become a problem if those administrators used the same passwords on other services. If those other services don't have additional security measures like two-factor authentication, it could put the affected website at risk.

The issue came to light when a user of the plugin reported the problem about three weeks ago. They were surprised that a security plugin would make such a fundamental error in protecting passwords.

AIOS assured users that the updates not only fix the issue but also remove the stored passwords from the database.

However, it's important to note that for this bug to be exploited successfully, a threat actor would need to have already compromised the WordPress site through other methods and have administrative privileges or unauthorised access to unencrypted site backups.

Make sure to update your AIOS plugin to the latest version to safeguard your website against this vulnerability. Stay vigilant and protect your passwords!

So long and thanks for reading all the phish!
