Ferrari Hacked… gone in 60 secs

Mar 24 2023


Welcome to Gone Phishing, your daily newsletter that brings the fire like Alan Sugar.

Today’s hottest cyber security stories:

  • Ferrari handles ransomware chicanery well
  • Fake ‘ChatGPT For Google’ Chrome extension fools 9,000
  • Crypto-jack hack! Prominent YouTube channel hacked by crypto scam artists


You’ve got to admire the gall of this latest gang of ransomware scammers who call themselves RansomEXX (very imaginative name!).

They could have set their sights on Vauxhall, Ford, or even Volkswagen. But no, this lot had bigger things in mind. They went straight for the crème de la crème: sexy Italian supercars. But will their bright-eyed, bushy-tailed optimism pay off?

If Ferrari themselves are to be believed, the answer is a resounding no. But let’s look a little closer at the facts and decide whether we can trust the Italians.

So far, Ferrari has not disclosed the exact date of the ransomware attack incident. However, it is believed to be linked to reports of an attack in October 2022, some five months ago!

RansomEXX claims to have stolen (and leaked!) 7GB of data already; Ferrari denies this.

The above tweet shows Ferrari’s correspondence with its client base, or ‘Ferraristas’, as the message addresses them. Is that a bit like Justin Bieber’s Beliebers or Lady Gaga’s ‘Little Monsters’? Cringe.

There’s potential for a phishing frenzy. The exposure of a customer contact list presents an opportunity for cyber attackers to launch targeted phishing attacks using customized, malicious emails. And they’ll know these particular phishies aren’t short of a few bob.

Ferrari says operations have not been affected and, as businesses targeted by ransomware attacks always do, has been dismissive about the seriousness of the hack. However, a third-party cybersecurity firm has been consulted. So only time will tell!

What’s a ransomware attack?

FYI: Ransomware attacks are when threat actors hack into a company or individual’s computer system and then lock the files or steal them, threatening to either keep users locked out (causing mass disruption) or release sensitive data to the public unless they receive their ransom payment.

Give me the loot!

Payment is usually demanded in cryptocurrency so it can’t be easily traced; the preferred crypto is usually Monero (XMR) or, more recently, Dero. At time of writing, XMR and Dero are trading at $159.46 (up 3.6% in 24 hours), and $6.54 (up 5% in 24 hours), per coin, respectively.


It’s more bad news for lazy students, teachers, journalists, bloggers (ahem), and many others following the news that there’s another fake ChatGPT Chrome extension doing the rounds online.

This one is called ‘ChatGPT For Google’ and is a trojanized version of a legitimate open-source browser add-on.

It was uploaded to the Chrome Web Store on February 14, 2023, and was downloaded a little over 9,000 times before its removal on March 14.

For those who don’t know about ChatGPT, where the hell have you been, living in a cave!? Even my mum was talking about this the other day and she’s seventy!

Joking, ChatGPT is an artificial intelligence (AI) chatbot developed by OpenAI and launched in November 2022. It’s an amazing little tool which can carry out all manner of tasks in a matter of seconds such as producing detailed (and original) instructions, articles, recipes.

You can even ask it philosophical questions and it’ll come up with better responses than half my university professors were able to. Sorry guys!

What does it do?

Well, once it fools the unsuspecting victim into installing the extension, which promises added functionality and all manner of other bells and whistles, it sneakily activates the ability to swipe your Facebook cookies and beam them to an external (and malevolent!) server.

Here’s the really scary part… Once in possession of the victim’s cookies, the threat actor moves to seize control of the Facebook account, change the password, alter the profile name and picture, and even use it to disseminate extremist propaganda.

So, if one of your buddies suddenly starts sounding off about ‘Death to the infidels’ or ‘Hitler did nothing wrong’, maybe give them a ring and check to see if it’s legit.

And if it is, tell them that they might be spending too much time on 4chan… #pol
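
For anyone who’d rather check than panic: Chrome only lets an extension read a site’s cookies if its manifest asks for the `cookies` permission plus host access to that site. The snippet below is an added example (not from the original newsletter or the extension’s code) that flags that combination for facebook.com; the sample manifests and function names are made up for illustration.

```python
# Added example, not the newsletter's or the extension's code.
# Flags manifests that pair the "cookies" permission with host access to a site.

def host_of(pattern):
    """Host part of a Chrome match pattern, or None for an API permission."""
    if pattern == "<all_urls>":
        return "*"
    if "://" not in pattern:
        return None  # e.g. "cookies", "storage"
    return pattern.split("://", 1)[1].split("/", 1)[0]

def covers(pattern, site="facebook.com"):
    """True if the match pattern grants access to `site` or its subdomains."""
    host = host_of(pattern)
    if host is None:
        return False
    if host == "*":
        return True
    if host.startswith("*."):
        base = host[2:]
        return base == site or base.endswith("." + site) or site.endswith("." + base)
    return host == site or host.endswith("." + site)

def audit(manifest, site="facebook.com"):
    """Host patterns that would let this extension read cookies for `site`."""
    perms = manifest.get("permissions", [])
    if "cookies" not in perms:
        return []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms + manifest.get("host_permissions", [])
    return [p for p in hosts if covers(p, site)]

# Constructed sample manifests with hypothetical names.
SAMPLES = {
    "search-helper-mv3": {"manifest_version": 3, "permissions": ["cookies", "storage"],
                          "host_permissions": ["<all_urls>"]},
    "sidebar-mv2": {"manifest_version": 2,
                    "permissions": ["cookies", "https://*.facebook.com/*"]},
    "notes-mv3": {"manifest_version": 3, "permissions": ["cookies"],
                  "host_permissions": ["https://*.google.com/*"]},
    "reader-mv3": {"manifest_version": 3, "permissions": ["storage"],
                   "host_permissions": ["<all_urls>"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, audit(manifest) or "ok")
```

A hit means the extension could read those cookies, not that it does anything bad with them; plenty of legitimate add-ons ask for broad access, so treat a match as a reason to look closer at what was installed and when.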


Another day, another YouTube channel hacked by hacktivist crypto-jack attack maniacs who, for some reason, love nothing more than to hijack popular YouTube accounts and post crypto scam vids.

Seriously guys, if that’s what you’re into, fine, but we don’t all need to see it. God.

Whether or not these hackers derive some sort of perverse pleasure from making subscribers watch them carry out their seedy crypto scams remains unclear. What is clear is that this is a growing phenomenon.

Indeed, other Linus Media Group YouTube channels, including Techquickie and TechLinked, have also been breached and given new names focused on Tesla.

  • The British army’s YouTube channel was hacked to promote crypto scams
  • Tens of thousands of “viewers” watched a fake Apple crypto scam
  • Popular Vevo channels on YouTube for artists like Lil Nas X, Drake, Taylor Swift have also been compromised

Today’s breaches may well be from a combination of passwords and two-factor authentication being compromised, and honestly it feels like YouTube could do more to prevent the damaging effects of this.

Watch this space and get your act together YouTube! Geez.

So long and thanks for reading all the phish!
