
Cyware Daily Threat Intelligence, March 22, 2023

As ChatGPT continues to make headlines, threat actors have released yet another variant of the fake ChatGPT Chrome extension. Called Chat GPT for Google, the malicious extension is propagated via Google Ads and is designed to hijack the Facebook accounts of users. In other news, the city of Oakland has allegedly fallen victim to a ransomware attack for the second time, this time at the hands of the notorious LockBit group. The group has set a ransom payment deadline for the officials, after which it plans to publish the stolen data on its site.

A sophisticated VEC scam that could have led to the loss of $36 million was prevented in time. The scam impersonated executives of a real estate firm to target an escrow officer at an insurance company.

Top Breaches Reported in the Last 24 Hours

LockBit claims the City of Oakland breach
In another ransomware incident, the LockBit gang has threatened to leak the files and data stolen from the City of Oakland’s systems. The attackers have given a 19-day deadline, after which they plan to publish the stolen data. The city has yet to issue a statement regarding the claims made by the gang.

Top Malware Reported in the Last 24 Hours


New FakeGPT Chrome extension
A new variant of the FakeGPT Chrome extension titled ‘Chat GPT for Google’ is targeting Facebook users in an attempt to hijack their accounts. The attack is an extension of the FakeGPT campaign that was discovered on March 14. This time, the malicious extension is not pushed using sponsored Facebook posts but rather is distributed by abusing Google Ads. 

New NAPLISTENER malware spotted
The threat group tracked as REF2924 has been found deploying previously unseen malware in its attacks against entities in South and Southeast Asia. The malware, dubbed NAPLISTENER, is an HTTP listener programmed in C# and is designed to evade network-based forms of detection. In addition to NAPLISTENER, the hacking group has also been associated with multiple custom malware families tracked as SiestaGraph and Somnirecord, among others.

Top Vulnerabilities Reported in the Last 24 Hours

CISA releases ICS advisories
CISA released advisories for vulnerabilities affecting multiple ICS products. The affected products include three products from Siemens, Keysight N6854A Geolocation Server, Delta Electronics InfraSuite Device Master, Rockwell Automation ThinManager, and monitoring systems from Hitachi. The newly released advisories cover technical details of the vulnerabilities along with mitigation measures. 

Top Scams Reported in the Last 24 Hours


VEC attack attempts to steal $36 million
Security experts managed to prevent a Vendor Email Compromise (VEC) attack that attempted to steal $36 million from customers. The scammers impersonated an executive of a real estate firm to send emails to an escrow officer at an insurance company. The email included information about a payoff letter and directed the recipient to view the attached letter and payment instructions. 

Scammers target job seekers
Over 2400 phishing pages impersonating well-known companies in the logistics, food & beverage, and petroleum industries were used to target Arabic-speaking job seekers. The campaign was active from January 2022 to January 2023 and lured victims with web pages containing descriptions of the fake vacancies.

Posted on: March 22, 2023

