Cyware Daily Threat Intelligence, January 27, 2025

Daily Threat Briefing Jan 27, 2025

Once again proving there’s no honor among thieves, hackers were found preying on script kiddies via a trojanized XWorm RAT builder, compromising over 18,000 devices globally. The fake builder allowed operators to steal data and issue commands through a Telegram-based C2.

LTE and 5G networks face a critical challenge as researchers uncover 119 vulnerabilities that could disrupt services or breach core networks. These flaws, linked to buffer overflows and memory corruption, leave mobile users exposed to potential monitoring and targeted attacks.

A deceptive malware campaign leverages fake CAPTCHA pages and clipboard hijacking to spread Lumma Stealer across industries in multiple regions. The malware uses advanced evasion tactics to outmaneuver security defenses while stealing sensitive data.

Top Malware Reported in the Last 24 Hours

Fake malware builder targets script kiddies

A trojanized version of the XWorm RAT builder was weaponized and spread primarily through a GitHub repo, targeting inexperienced would-be hackers, aka script kiddies. The malware has compromised over 18,459 devices across Russia, the U.S., India, Ukraine, and Turkey. The malware included a kill switch that was used to uninstall it from many devices, but some remain compromised. The fake builder was distributed through various channels, and infected devices were registered to a Telegram-based C2 server, allowing the operators to steal data and issue commands.

New GhostGPT facilitates malware creation

Cybercriminals are selling access to a new malicious AI chatbot called GhostGPT, designed for activities like creating malware and phishing emails. It's being sold on Telegram and is believed to use a jailbroken version of ChatGPT or another open-source language model. GhostGPT has gained significant interest among cybercriminals and is marketed as an effective tool for various malicious activities, with a focus on ease of access and fast response time. The chatbot was tested in creating a convincing DocuSign phishing email, demonstrating its efficacy.

Malware campaign drops Lumma Stealer

A new malware campaign is spreading Lumma Stealer via social engineering tactics to trick victims into downloading and executing malware. The campaign uses fake CAPTCHA pages and clipboard hijacking to bypass traditional security defenses. It targets victims in various industries and regions, including the U.S., Argentina, Colombia, and the Philippines. The malware utilizes advanced evasion techniques such as AMSI bypass and obfuscation layers to avoid detection.

Top Vulnerabilities Reported in the Last 24 Hours

Security bug in Subaru’s Starlink

Security researchers found an arbitrary account takeover flaw in Subaru's Starlink service, allowing attackers to track, control, and hijack vehicles in the U.S., Canada, and Japan using just a license plate. The vulnerability could have enabled attackers to access customer accounts and vehicles, allowing them to start/stop vehicles, retrieve location history, and more. Hackers could also access a customer's personal information, including emergency contacts, billing data, and vehicle details.

High-severity flaw in Meta’s Llama

A high-severity security flaw (CVE-2024-50050) has been discovered in Meta's Llama LLM framework, allowing attackers to run arbitrary code on the llama-stack inference server. The issue arises from the deserialization of untrusted data, enabling code execution when malicious data is sent. Attackers could exploit this by sending crafted objects to an exposed ZeroMQ socket, allowing them to execute arbitrary code on the target machine. Meta addressed this issue on October 10, 2024, in version 0.0.41, switching from pickle to the safer JSON format for socket communication.
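As an added illustration (not llama-stack's own code), the following shows the unsafe socket-decoding pattern described above beside a JSON-based replacement that also validates the decoded structure, since swapping the format removes code execution but not the need to treat the data as untrusted. The message shape (an object with `type` and `payload`), the allowed message types, the size limit and the sample messages are assumptions made for the example.

```python
import json
import pickle  # only for the pre-fix pattern and a constructed sample below

MAX_MESSAGE_BYTES = 64 * 1024
ALLOWED_TYPES = {"generate", "cancel", "health"}  # assumed message types


class RejectedMessage(ValueError):
    pass


def decode_unsafe(raw: bytes):
    # The pre-fix pattern described for CVE-2024-50050: unpickling bytes read
    # from a socket lets the sender decide which objects (and code) get built.
    return pickle.loads(raw)


def decode_safe(raw: bytes) -> dict:
    # JSON yields only plain data (dicts, lists, strings, numbers), never
    # arbitrary objects, so the sender controls data but not code paths.
    if len(raw) > MAX_MESSAGE_BYTES:
        raise RejectedMessage("message too large")
    # Pickle protocol 2+ frames start with 0x80; reject them explicitly so a
    # stale client or a probe is logged rather than silently mis-parsed.
    if raw[:1] == b"\x80":
        raise RejectedMessage("pickle framing is not accepted")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise RejectedMessage(f"not valid JSON: {exc}") from exc
    # Structural checks: the parsed data is still untrusted input.
    if not isinstance(msg, dict) or set(msg) != {"type", "payload"}:
        raise RejectedMessage("expected an object with exactly type/payload")
    if not isinstance(msg["type"], str) or msg["type"] not in ALLOWED_TYPES:
        raise RejectedMessage("unknown message type")
    if not isinstance(msg["payload"], dict):
        raise RejectedMessage("payload must be an object")
    return msg


def is_rejected(raw: bytes) -> bool:
    try:
        decode_safe(raw)
    except RejectedMessage:
        return True
    return False


# Constructed sample messages, not captured traffic.
GOOD = b'{"type": "generate", "payload": {"prompt": "hello"}}'
PICKLE_FRAMED = pickle.dumps({"type": "generate"})  # begins with 0x80
BAD_TYPE = b'{"type": "shutdown", "payload": {}}'
```

A rejected message is a useful detection signal on its own: logging the reason and the peer lets a defender spot clients still speaking the old pickle framing or probing the socket.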

100+ bugs in LTE and 5G network implementations

A group of academics has revealed over 100 security vulnerabilities affecting LTE and 5G systems, which attackers could use to disrupt services and access the cellular core network. The 119 vulnerabilities, linked to 97 unique CVE identifiers, involve seven LTE implementations and three 5G implementations. Attackers can crash key network components by sending a small data packet without needing authentication. Many vulnerabilities are related to buffer overflows and memory corruption, which could allow monitoring and targeted attacks on mobile users.