Illicit Inferno Malware Poses as Coinbase, Siphoning $87 Million from 137,000 Victims
The operators of the now-defunct Inferno Drainer devised a scheme where they created over 16,000 unique malicious domains within a year, from 2022 to 2023. Utilizing high-quality phishing pages, they tricked unsuspecting users into connecting their cryptocurrency wallets to the attackers’ infrastructure, which spoofed Web3 protocols to deceive victims into authorizing fraudulent transactions. During its active period from November 2022 to November 2023, Inferno Drainer managed to scam over 137,000 victims and accumulate illicit profits exceeding $87 million.
The malware, known as Inferno Drainer, operates within a broader network of similar services offered to affiliates under the scam-as-a-service (or drainer-as-a-service) model, in exchange for a 20% share of the proceeds. Notably, customers of Inferno Drainer had the choice to deploy the malware on their own phishing sites or take advantage of the developer’s service for creating and hosting phishing websites, either at no additional cost or with a 30% fee based on the stolen assets. Group-IB reveals that this activity involved the imitation of more than 100 cryptocurrency brands through meticulously crafted pages hosted on over 16,000 distinct domains.
Furthermore, Group-IB warns that the success of Inferno Drainer has the potential to inspire the creation of new drainers and contribute to a significant increase in websites hosting malicious scripts that imitate Web3 protocols. They suggest that 2024 might be dubbed the “year of the drainer” due to these emerging threats. “Although Inferno Drainer is no longer active, its notable presence throughout 2023 underscores the substantial dangers faced by cryptocurrency holders as drainers evolve,” stated Andrey Kolmakov, the head of Group-IB’s High-Tech Crime Investigation Department.
Read: https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html
Google Patches First Actively Exploited Chrome Zero-Day of 2024
Google has released updates to address four security issues in its Chrome browser, including a zero-day flaw that is being actively exploited. The flaw, known as CVE-2024-0519, involves an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. This could potentially be exploited by threat actors to cause a crash and bypass protection mechanisms such as ASLR.
The issue was reported anonymously on January 11, 2024, and further details about the attacks and potential threat actors have been withheld to prevent further exploitation. This marks the first actively exploited zero-day to be patched by Google in Chrome in 2024.
Users are advised to upgrade to the patched Chrome versions to mitigate potential threats. Users of other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes when they become available.
Read: https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html
Military Use of AI No Longer Explicitly Barred in OpenAI’s Updated Policies
In a significant policy shift, OpenAI, the maker of ChatGPT, has revised its usage policies, removing specific prohibitions on the use of its AI technology for “military and warfare.” The previous policy explicitly barred the use of OpenAI models for weapons development and military purposes.
The updated Universal Policies, however, prohibit the use of its services to harm others or repurpose any output from its models to cause harm. OpenAI clarified that while their tools cannot be used to harm people or develop weapons, there are national security use cases that align with their mission.
This change has sparked concerns among some observers, who interpret it as a softening stance against collaboration with defense or military-related organizations. The potential risks posed by AI have been underscored by several experts, including OpenAI CEO Sam Altman.
A research study led by Anthropic revealed that “evil” or “bad” AI models cannot be retrained to be “good” using existing techniques. The researchers warned that once a model exhibits deceptive behavior, standard techniques could fail to eliminate such deception, creating a false sense of safety.
Furthermore, the use of adversarial training to halt such deceptive behavior can inadvertently teach the models to better recognize their backdoor trigger, effectively concealing unsafe behavior. This revelation adds another layer of complexity to the ongoing debate about the ethical use of AI.
Read: https://www.computerworld.com/article/3712184/openai-deletes-fine-print-on-military-use-of-its-ai-technology.html
Senators Wyden and Lummis Demand Probe into SEC Account Hack That Caused Bitcoin Price Hike
Lawyers representing young YouTube users are pressing a federal judge to allow them to proceed with a 5-year-old lawsuit over allegations that the platform — along with channel operators including Cartoon Network, DreamWorks, Mattel and Hasbro — violated children’s privacy by tracking them in order to serve targeted ads.
In papers filed Thursday with U.S. District Court Judge Beth Labson Freeman in San Jose, counsel argues that Google and the operators “failed to implement any measures to safeguard the privacy of minors,” such as obtaining parental consent.
“Plaintiffs are minor children who themselves could not properly consent to Google’s profiling,” the attorneys write.
The argument comes in a battle dating to 2019, when California resident Nicole Hubbard sued YouTube and various channel operators on behalf of her 5-year-old child, who viewed YouTube channels aimed at young children.
Hubbard’s complaint, later joined by other parents, came around two months after Google agreed to pay $170 million to settle allegations by the Federal Trade Commission and New York Attorney General that YouTube wrongly collected data via cookies from viewers younger than 13.
The complaint included a claim that Google engaged in “intrusion upon seclusion” — a privacy charge that can be brought in California and several other states, and involves “highly offensive” conduct.
Freeman initially threw out the lawsuit, ruling it was foreclosed by the federal Children’s Online Privacy Protection Act. That law prohibits website operators and apps from knowingly collecting tracking data from children under 13, without parental consent. It also doesn’t allow for private lawsuits; instead, the Children’s Online Privacy Protection Act tasks the FTC and state attorneys general with enforcement.
Last year, a panel of the 9th Circuit Court of Appeals reinstated the case, ruling that the federal children’s privacy law doesn’t prevent people from bringing private lawsuits for related privacy claims such as intrusion upon seclusion.
Read: https://www.infosecurity-magazine.com/news/senators-probe-sec-hack-bitcoin/
USSS Special Agent Exposes Fake Norton Antivirus Renewal Phishing Tactics
In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails.
The warrant was submitted by Special Agent Jollif of the United States Secret Service (USSS) to recover funds stolen in a fake Norton subscription renewal email. This email allowed the threat actor to gain access to a victim’s PC and bank account.
The stolen money was stored in a Chase bank account belonging to someone named “Bingsong Zhou,” associated with phishing scams impersonating Norton Antivirus renewal subscriptions. These phishing emails claim that the recipient is about to be charged for renewing an antivirus subscription license and instruct them to call the enclosed number to cancel it.
The victim calls the phone number listed on the email, and from there, the scammers direct them to perform various actions such as installing remote access software on their computers, infecting themselves with malware, and entering their account credentials on a phishing page.
This type of scam has been ongoing for many years, but Jollif stated that the activity has recently been on the rise.
Read: https://www.bleepingcomputer.com/news/security/us-court-docs-expose-fake-antivirus-renewal-phishing-tactics/
DMARC: New Email Policies at Google and Yahoo Kick In Feb 1st
As of February 1st, Gmail and Yahoo will start enforcing a requirement for Domain-based Message Authentication, Reporting and Conformance (“DMARC”).
Not having this in place by then will affect your deliverability to places like Google and Yahoo – your messages will have a much higher likelihood of being delivered straight to spam.
Fortunately, setting up DMARC for your domains is quite simple, just like an SPF record, which you hopefully already have in place.
We’re covering the rollout of DMARC policy enforcement and outlining the steps we’re taking to get all of your easyMail domains ready for it:
Read more here: https://easydns.com/blog/2024/01/19/new-email-policies-at-gmail-yahoo-et-al-will-require-dmarc-enabled-domains/
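A DMARC record is a single TXT string published at _dmarc.<your-domain>, and the thing that actually decides whether spoofed mail is quarantined or rejected is the p= tag inside it. The checker below is an added example, not code from easyDNS or from the original post: it parses a record into its tags, rejects malformed ones, and flags records that are syntactically valid but weaker than they look (p=none, a partial pct=, or no rua= address, so you never receive the aggregate reports the “R” in DMARC stands for). The record strings are constructed samples; to check a real domain you would fetch the TXT record with your DNS resolver and pass it to evaluate_dmarc().

```python
"""Parse and grade a DMARC TXT record (RFC 7489 tag syntax).

Added example. SAMPLE_* records below are constructed, not taken from
any real domain; feed evaluate_dmarc() the TXT value found at
_dmarc.<domain> to check a live record.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

REQUIRED_TAGS = ("v", "p")
VALID_POLICIES = ("none", "quarantine", "reject")

# Constructed sample records: a strong one, a monitor-only one, a broken one.
SAMPLE_STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
SAMPLE_MONITOR = "v=DMARC1; p=none"
SAMPLE_BROKEN = "p=reject; v=DMARC1"          # v= must come first


@dataclass
class DmarcResult:
    valid: bool                       # syntactically usable record
    policy: Optional[str] = None      # p= value, if present and known
    pct: int = 100                    # pct= defaults to 100 when absent
    rua: list = field(default_factory=list)       # aggregate report URIs
    problems: list = field(default_factory=list)  # errors and advisories


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a {tag: value} dict.

    Tags are ';'-separated, names are case-insensitive, and an empty
    trailing segment (from a trailing ';') is ignored.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(record: str) -> DmarcResult:
    """Return structural errors (valid=False) or policy advisories (valid=True)."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return DmarcResult(valid=False, problems=[str(exc)])

    result = DmarcResult(valid=True)

    # The version tag must be the first tag in the record.
    first = record.strip().split(";")[0].lower().replace(" ", "")
    if first != "v=dmarc1":
        result.valid = False
        result.problems.append("record must start with v=DMARC1")

    for tag in REQUIRED_TAGS:
        if tag not in tags:
            result.valid = False
            result.problems.append(f"missing required tag {tag}=")

    policy = tags.get("p", "").lower()
    if "p" in tags and policy not in VALID_POLICIES:
        result.valid = False
        result.problems.append(f"unknown policy {policy!r}")
    result.policy = policy or None

    pct_raw = tags.get("pct", "100")
    if not pct_raw.isdigit() or not 0 <= int(pct_raw) <= 100:
        result.valid = False
        result.problems.append(f"pct must be 0-100, got {pct_raw!r}")
    else:
        result.pct = int(pct_raw)

    result.rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]

    # Advisories: the record parses, but it will not stop or report spoofing.
    if result.valid:
        if policy == "none":
            result.problems.append("p=none only monitors; spoofed mail is still delivered")
        if result.pct < 100:
            result.problems.append(f"pct={result.pct}: only part of failing mail gets the policy")
        if not result.rua:
            result.problems.append("no rua= address: you will receive no aggregate reports")
    return result


if __name__ == "__main__":
    for name, rec in (("strong", SAMPLE_STRONG), ("monitor", SAMPLE_MONITOR), ("broken", SAMPLE_BROKEN)):
        r = evaluate_dmarc(rec)
        print(f"{name:8} valid={r.valid} policy={r.policy} problems={r.problems}")
```

Running it prints one line per sample: the strong record passes with no problems, the monitor-only record is valid but carries two advisories, and the mis-ordered record is rejected outright. Start a new domain at p=none with a rua= address so you can read the reports, then move to quarantine and reject once your legitimate senders all pass SPF or DKIM alignment.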
Elsewhere Online:
Children’s Media Networks Under Fire Over Children’s Data Privacy
Read: https://www.mediapost.com/publications/article/392656/youtube-cartoon-network-others-continue-battle-o.html
Legal Filing Safeguards Douglass Mackey’s Freedom of Speech: A Stance Against Censorship
Read: https://reclaimthenet.org/legal-filing-defends-douglass-mackeys-free-speech-rights
Data Exposure Risk: Vulnerability in Apple, AMD, and Qualcomm GPUs Poses Threat to AI Systems and Generative AI
Read: https://www.wired.com/story/leftoverlocals-gpu-vulnerability-generative-ai/
Trademark Threats Used in New Phishing Scam Against META Businesses
Read: https://www.hackread.com/phishing-scam-meta-businesses-trademark-threats/
CISA Reports Active ‘Androxgh0st’ Attack on AWS and Microsoft 365 Accounts
Read: https://www.darkreading.com/cloud-security/cisa-aws-microsoft-365-accounts-androxgh0st-attack