AI sophisticated attacks

Jul 28 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s got that Friday feeling like Hunter Biden has everyday. #partymonster

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! Check out these just freshly hatched patches!! ????????????

Apple releases URGENT patches for Zero-Day Flaws affecting iPhones, iPads and Macs

Apple released security updates for its operating systems and Safari to fix several security vulnerabilities, including one called CVE-2023-38606, which allowed malicious apps to modify sensitive kernel state.

This bug was actively exploited before iOS 15.7.1 and is linked to a cyber espionage campaign targeting iOS devices known as Operation Triangulation, which has had multiple zero-day exploits, some of which were patched last month.

Don’t forget to update people!

Now on to today’s hottest cyber security stories:

  • ???? Introducing 'FraudGPT', the new AI tool that’s tailored for sophisticated attacks ????

  • ???? Decoy Dog: New breed of Malware sniffing up Enterprise Networks ????

  • ???? New malvertising campaign distributing trojanized IT tools via Google, Bing Search Ads ????

Soooooooo Phisticated ????

???? ???? New Cybercrime AI Tool on the Dark Web! Introducing FraudGPT! ????????

Watch out, cyberworld! ???? There's a new AI tool causing a buzz in the dark web underworld. It's called FraudGPT, and it follows in the footsteps of WormGPT ????.

This malicious AI, as reported by Netenrich security researcher Rakesh Krishnan, is exclusively designed for offensive purposes like crafting tricky spear phishing emails, creating cracking tools, and carding, among other cybercrimes. ????????

???? FraudGPT has been making rounds since at least July 22, 2023, and you won't believe the price for this sinister subscription! ???? It costs $200 a month, or you can get a longer deal with $1,000 for six months or $1,700 for a whole year. ????

Meet the mastermind behind this dangerous AI tool: the online alias CanadianKingpin. This actor claims that FraudGPT is the ultimate Chat GPT alternative, boasting exclusive tools, features, and capabilities without any limits! ????????

But that's not all – this AI has a dark side! ???? According to the author, it can write malicious code, create undetectable malware, find leaks and vulnerabilities, and it's even got a whopping 3,000 confirmed sales and reviews! ???? The exact large language model (LLM) used to develop FraudGPT remains shrouded in mystery. ????

Stay vigilant, and remember to keep your cybersecurity guard up! ????️ Don't let the dark web's tricks get the best of you. Stay safe out there! ????????

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

What’s up, dog? ????

???? New Malware Alert: Meet Decoy Dog! ????????

???? Watch out for Decoy Dog, the latest malware making waves in the cyberworld! ???? This dangerous malware is a significant upgrade from its predecessor, the Pupy RAT, and comes with some powerful, previously unknown capabilities! ????

According to Infoblox, Decoy Dog can move victims to another controller, allowing the hackers to maintain communication with compromised machines ???? and remain hidden for long periods.

Some unfortunate victims have been communicating with a Decoy Dog server for over a year! ????

This malware has some serious new features, like executing arbitrary Java code on the client and connecting to emergency controllers using a mechanism similar to a traditional DNS domain generation algorithm (DGA).

The Decoy Dog domains are designed to respond to replayed DNS queries from breached clients. ????️

It’s not a ‘Pupy’ anymore…

Dr. Renée Burton from Infoblox explained that Decoy Dog has added functionality not seen in Pupy. It can even command compromised devices to stop talking to the current controller and switch to another one! ???? They discovered this through statistical analysis on DNS queries. ????

This sophisticated toolkit was first discovered in April 2023, targeting enterprise networks through anomalous DNS beaconing activity. The cybercriminals behind Decoy Dog remain mysterious, but they seem to be nation-state hackers with distinct tactics, responding to inbound requests matching the structure of client communication. ????️‍♂️????

Stay vigilant and protect your networks from this advanced threat! ????️ Don't let Decoy Dog catch you off guard! ????????

????️ Extra, Extra! Read all about it ????️

Each week, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ???? Millionaire Habits: Learn how to steal the simple habits of millionaire in 3 minutes or less straight from your inbox

  • ???? Bot Eat Brain: Teaches how to harness the awesome power of AI whilst avoiding common pitfalls.

  • ???? Stand the f*ck out: Anxious about AI, wary customers, and rising competition? This on-trend newsletter could be just the ticket.

Let us know what you think!

How to get ahead in malvertising ????

???? New Nitrogen Malvertising Campaign Targets IT Tools Users! ????

Watch out, IT users! A sneaky malvertising campaign called Nitrogen ????️ has been spotted, targeting people searching for tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP.

The cybercriminals trick users into downloading trojanized installers ????, aiming to breach enterprise networks and potentially launch ransomware attacks in the future.

According to Sophos researchers, Nitrogen is an "opportunistic" activity that deploys second-stage attack tools, including Cobalt Strike ????.

The campaign starts by redirecting users to compromised WordPress sites ????, where malicious ISO image files are hosted. These files eventually deliver Python scripts and Cobalt Strike Beacons to the victim's system. ????

Recently, Trend Micro also found a similar attack sequence, where a fraudulent WinSCP application acted as a stepping stone for a BlackCat ransomware attack ????.

The threat actors behind Nitrogen are cleverly disguising their malicious activity, using uncommon export forwarding and DLL preloading techniques to evade detection and analysis. ????️‍♂️⚙️

Stay cautious and protect your systems from these crafty attacks! ????️ Don't let Nitrogen take you by surprise! ????????

Have a good weekend, cyber-squad! ????????????

So long and thanks for reading all the phish!

Cyber Dawgs top picks from the week, he's your Dawg, he got you.

MONDAY: Fake software downloads

TUESDAY: Government spies

WEDNESDAY: Elderly watch out

THURSDAY: Apple mac users watch out

footer graphic cyber security newsletter

Recent articles