Jul 04 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the Elon Musk to cybercrime’s Mark Zuckerberg. Bring on the cage match!!
To all our American readers, Happy 4th!
Today’s hottest cyber security stories:
Hackers use ChatGPT to generate fake Windows 10 & 11 keys
Mexico-Based hacker targets global banks via Android malware
Chinese Hackers use PlugX via SmugX #HTMLsmuggling
Controversy surrounds ChatGPT, the AI chatbot, as users discover a potential security loophole. Reports reveal that users have managed to exploit the system and extract Windows 10 Pro keys using a technique known as the "grandma" exploit.
One Twitter user, @immasiddtweets, gained attention when they claimed to have generated Windows 10 Pro keys by interacting with ChatGPT.
The “grandma” exploit.
In an emotional turn, they requested the chatbot to read out the keys as a way to remember their deceased grandmother.
Surprisingly, ChatGPT responded compassionately and provided five unique Windows 10 Pro keys for free.
Driven by curiosity, @immasiddtweets demonstrated how they used both Google Bard and ChatGPT to upgrade from Windows 11 Home to Windows 11 Pro.
However, TechRadar pointed out a significant detail—the generated product keys were generic and lacked the full Windows 11 experience.
Although these keys can be used to install or upgrade Windows, users may face limitations and miss out on certain features available in the complete Windows 11 package. This revelation has sparked concerns regarding the security and authenticity of the generated keys.
In response to the situation, the user's Twitter account, @immasiddtweets, has been suspended.
OpenAI, the organisation behind ChatGPT, is likely to address this security vulnerability to prevent further exploitation and ensure the chatbot's safe usage in the future.
As the controversy unfolds, it raises questions about the integrity of AI systems and the measures required to safeguard against potential exploits.
Still, pretty funny though, right?
Mexican e-crime mastermind Neo_Net has been exposed for orchestrating a global Android mobile malware campaign, specifically targeting Spanish and Chilean banks.
Security researcher Pol Thill has linked the campaign to Neo_Net, a notorious cybercriminal with a flair for tailored attacks.
Despite using relatively basic tools, Neo_Net has achieved an impressive success rate.
By customising their infrastructure for specific targets, they have managed to steal over €350,000 from bank accounts and compromise the personal information of countless victims.
Prominent banks like Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING have all fallen victim to Neo_Net's schemes.
This seasoned cybercriminal, suspected to be a Spanish-speaking individual residing in Mexico, has a reputation for selling phishing panels, compromised victim data, and even offering a smishing-as-a-service solution called Ankarex, which caters to multiple countries worldwide.
The revelations of Neo_Net's activities highlight the ongoing battle against cybercrime and the need for heightened security measures to protect individuals and financial institutions from these sophisticated attacks.
Neo_Net must have asked himself: am I Mexican or a Mexican’t? I’ll grab my coat.
Chinese hackers have set their sights on Foreign Affairs ministries and embassies in Europe, using HTML smuggling techniques to deploy the PlugX remote access trojan.
Cybersecurity firm Check Point has been monitoring this activity, named SmugX, since at least December 2022, and it reflects a broader trend of Chinese adversaries shifting their focus towards Europe.
The campaign utilises novel delivery methods, notably HTML Smuggling, to distribute a new variant of the PlugX implant.
FYI, HTML smuggling is a technique for bypassing perimeter security devices: the malicious file never crosses the network as a download. Instead it travels as an encoded blob inside an innocuous-looking HTML page, and script in that page reassembles it in the victim’s browser, behind the firewall.
Although the payload itself is similar to older versions of PlugX, the delivery methods employed in this campaign have resulted in low detection rates, allowing the operation to remain under the radar until recently.
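One way a mail gateway or SOC could triage HTML attachments for the reassembly pattern described above. This is an added illustration, not Check Point’s code or anything from the SmugX report; the indicator regexes, scoring thresholds and both sample pages are constructed here, and the “smuggled” blob is an inert zip header followed by zeros.

```python
"""HTML-smuggling triage for HTML attachments (added example, not Check Point's code)."""
import base64
import binascii
import re

# Browser-side reassembly needs a decoder, a Blob/typed array, an object URL
# (or legacy msSaveOrOpenBlob), a forced download name and a synthetic click.
INDICATORS = {
    "decode":   re.compile(r"\batob\s*\(|fromCharCode"),
    "blob":     re.compile(r"new\s+Blob\s*\(|Uint8Array"),
    "objurl":   re.compile(r"createObjectURL\s*\(|msSaveOrOpenBlob"),
    "download": re.compile(r"\.download\s*="),
    "click":    re.compile(r"\.click\s*\("),
}
# A long base64 run is the smuggled file itself (120+ chars skips short tokens).
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")

def blob_type(b64: str) -> str:
    """Best-effort file type from the magic bytes of a base64 blob."""
    s = b64.rstrip("=")
    try:
        raw = base64.b64decode(s + "=" * (-len(s) % 4))
    except binascii.Error:
        return "undecodable"
    if raw.startswith(b"MZ"):
        return "pe"
    if raw.startswith(b"PK\x03\x04"):
        return "zip"
    if raw.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    return "unknown"

def scan_html(html: str) -> dict:
    """A lone blob (e.g. an inline image) is not enough; reassembly primitives are."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    blobs = [blob_type(b) for b in LONG_B64.findall(html)]
    score = sum(hits.values())
    risky = any(t in ("pe", "zip") for t in blobs)
    return {"hits": hits, "blobs": blobs, "score": score,
            "suspicious": score >= 3 or (score >= 2 and risky)}

# Constructed fixtures: an inert blob (zip header + zeros) inside a
# smuggling-style fragment, and a benign page whose only long blob is a PNG.
INERT_ZIP = base64.b64encode(b"PK\x03\x04" + b"\x00" * 96).decode()
SAMPLE_SMUGGLING = f"""<script>var b = new Blob([atob("{INERT_ZIP}")]);
a.href = URL.createObjectURL(b); a.download = "document.zip"; a.click();</script>"""
INERT_PNG = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 96).decode()
SAMPLE_BENIGN = (f'<img src="data:image/png;base64,{INERT_PNG}">'
                 '<script>document.getElementById("go").click();</script>')
```

Tuning the thresholds against your own legitimate HTML mail (inline images, newsletter trackers) is the main false-positive work; the magic-byte check on the decoded blob is what separates a smuggled executable or archive from an embedded picture.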
The precise identity of the threat actor behind the operation remains uncertain, but indications point towards a group known as Mustang Panda.
This group has connections to other clusters like Earth Preta, RedDelta, and Check Point's Camaro Dragon. The usual suspects.
However, Check Point emphasises that there is currently insufficient evidence to definitively attribute the operation to this adversarial collective.
This development highlights the evolving tactics of Chinese hackers and their growing interest in European targets, particularly in government entities.
It underscores the importance of robust cybersecurity measures to safeguard against such advanced attacks and protect sensitive information.
European authorities and organisations must remain vigilant and proactive in countering these threats to ensure the security of their systems and networks.
That’s all for today, folks. Sorry there wasn’t more good news! Stay safe.
So long and thanks for reading all the phish!