CyberSecurity SEE

WormGPT: An AI model lacking ethics. Release of fresh version of the Sardonic backdoor by FIN8. Blackmoon Trojan campaign updates.

A generative artificial intelligence (AI) tool called “WormGPT” is gaining attention in underground cybercrime forums for its unethical abilities. Researchers at SlashNext recently explored WormGPT and discovered its potential for malicious activities, such as creating malware code and phishing templates. Unlike legitimate AI models that aim to prevent these activities, WormGPT has no ethical boundaries or limitations.

To demonstrate its capabilities, the researchers asked WormGPT to write an email designed to pressure an unsuspecting account manager into paying a fraudulent invoice. The results were alarming, as WormGPT produced an email that was not only remarkably persuasive but also strategically cunning. This experiment emphasized the significant threat posed by generative AI technologies like WormGPT, even in the hands of novice cybercriminals.

In another cybersecurity development, the cybercriminal group FIN8, also known as “Syssphinx,” has deployed a new version of the Sardonic backdoor to deliver the Noberus ransomware. This discovery was made by researchers at Broadcom’s Symantec. The introduction of ransomware suggests that FIN8 may be diversifying its focus to maximize profits from compromised organizations.

A sophisticated Trojan campaign called Blackmoon has been tracked by cybersecurity firm Rapid7 since November 2022. This campaign primarily targets businesses in the United States and Canada but does not aim to steal credentials. Instead, Blackmoon implements evasion and persistence techniques to drop unwanted programs and remain undetected for as long as possible.

Cisco Talos has identified a newly discovered driver-based browser hijacker named “RedDriver” that specifically targets Chinese-language browsers. The developers behind RedDriver are likely native Chinese speakers as well. The hijacker has been active since at least 2021 and intercepts browser traffic using the Windows Filtering Platform. The development of RedDriver suggests the involvement of highly skilled threat actors, given the complex nature of Windows drivers and the deep knowledge of the operating system required to write them.

Lastly, researchers at Check Point Research, in collaboration with Claroty Team82, have uncovered security vulnerabilities in the QuickBlox chat and video messaging framework. These vulnerabilities could potentially allow threat actors to access user databases and put millions of user records at risk. However, after discovering the flaws, Team82, CPR, and QuickBlox worked together to resolve the vulnerabilities. QuickBlox committed to designing a new, secure architecture and API and urged its customers to migrate to the latest version to mitigate the risks.

Overall, these recent developments in the cybersecurity landscape highlight the growing sophistication of cybercriminals and the constant need for organizations to remain vigilant in their defense against evolving threats. From the emergence of ethics-free AI models like WormGPT to the diversification of attack methods by groups like FIN8, the cybersecurity community must continue to adapt and implement robust measures to protect against these persistent risks.