#AxisOfEasy 296: RedLine Stealer MaaS Latest Example Of Hackers Exploiting Generative AI Technologies As AI Platforms Gain Popularity

May 2, 2023May 3, 2023 Mark E. Jeftovic

Weekly Axis Of Easy #296


Last Week’s Quote was “Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive,” by C.S. Lewis. Our winner is James Mellander. Well done James. Edited for correction: we have two winners for last week. Sam Bennett also got it right, and sooner; human error mistook the time stamp. Congrats to Sam too!

This Week’s Quote:  “Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of May 1st, 2023, in which our Technology Correspondent Joann L. Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ’net and how it affects your business, security and privacy.

For more commentary and insight into last week’s top issues, tune in to Joey Tweets and Len the Legend for the #AxisOfEasy podcast edition.

In this issue:
  • RedLine stealer MaaS latest example of hackers exploiting generative AI technologies as AI platforms gain popularity
  • Multiple Salesforce websites have disclosed personal information
  • Paul Thacker defends Tucker Carlson, says WHO stealth-edited vaccine information to censor Tucker
  • In latest ransomware attack, hackers leak massive cache of Minneapolis public school student information, demand $1M
  • ‘Evasive Panda’ from China snoops on software updates
 
Elsewhere online:
  • The EARN IT Act is back and it is reviving the encryption issue at a crucial time
  • Latest Uptycs Report Details New Ransomware Strain Capable of Attacking Linux Machines
  • Malverposting Campaign Might Have its Origin in Vietnam
  • Check Point’s latest research points to hacking activity originating from Iran
  • China’s Latest Steps to Expand its Cyber Capacities Raise Alarm for US Military Officials, Concern about Rivals’ Increasing Military Capacity


RedLine stealer MaaS latest example of hackers exploiting generative AI technologies as AI platforms gain popularity

As generative AI platforms like OpenAI’s ChatGPT and Google Bard continue to dominate headlines, cybercriminals have been quick to turn that attention against victims in new ways. Security researchers at Veriti report a new “malware-as-a-service (MaaS) campaign that leverages the popularity of these AI platforms to distribute a strain of malware known as RedLine Stealer.”

The lure is simple. Generative AI tools are also offered as mobile apps and as open-source projects, which, according to Veriti’s researchers, “creates the perfect excuse for malicious actors to trick naïve downloaders” into installing a lookalike. “The potential impact of such attacks is significant, as hackers could steal confidential data, compromise financial accounts, or even disrupt critical infrastructure,” the researchers wrote. “Moreover, these attacks are becoming more sophisticated, making detecting and preventing them harder.”

RedLine Stealer is sold on a MaaS basis: its developers rent out the malware and the supporting infrastructure, so even individuals with limited technical knowledge can run data-theft campaigns against the devices they manage to infect. As Veriti describes it, “the MaaS ecosystem operates through online forums that act as marketplaces for malicious actors to advertise their malware and stolen data, the forums offer a range of services, including access to malware, stolen data and even hacking tools.”

RedLine Stealer itself “is designed to steal sensitive information from web browsers, including credit card details, saved credentials and autocomplete data.” It can also profile the victim (user, location, hardware and installed security software), upload and download files, execute commands, and report back about the infected computer at regular intervals. Veriti warns that organizations would be wise to “recognize that the availability of MaaS and other types of tactics, threats and procedures, is growing quickly and becoming more difficult to detect.”
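
The browser credential stores named above are concrete files on disk, and that is where a detection engineer can catch an infostealer regardless of how it was delivered. The Go program below is an added example written for this briefing; it is not Veriti’s code and has nothing to do with the RedLine campaign itself. It runs one rule over constructed file-access events (the event shape, the “ChatGPT-Desktop-Setup.exe” file name and the user paths are all made up for the demo) and flags any non-browser process opening a Chromium-family “Login Data”, “Web Data” or “Cookies” file under a browser profile directory. Firefox and other stores would need their own entries.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// FileAccessEvent is the record shape assumed here for one endpoint
// file-access event: the process image and the file it opened. Real EDR or
// Windows object-access telemetry carries more fields; these two suffice.
type FileAccessEvent struct {
	Image      string `json:"image"`
	TargetFile string `json:"target_file"`
}

// credentialStores maps the well-known Chromium-family SQLite files under
// "...\User Data\<profile>\" to what they hold. Matching is on the file name.
var credentialStores = map[string]string{
	"login data": "saved credentials",
	"web data":   "autofill and credit card data",
	"cookies":    "session cookies",
}

// browserImages lists processes that legitimately open those files themselves.
// Backup and sync agents belong here too in a real deployment; tuning this
// allow-list is where false positives are handled.
var browserImages = map[string]bool{
	"chrome.exe": true,
	"msedge.exe": true,
	"brave.exe":  true,
	"opera.exe":  true,
}

// Finding is one alert: a non-browser process touched a credential store.
type Finding struct {
	Image  string
	File   string
	Reason string
}

// DetectCredentialStoreAccess scans newline-delimited JSON events and returns
// every access to a browser credential store by a process that is not a browser.
func DetectCredentialStoreAccess(jsonl string) ([]Finding, error) {
	var findings []Finding
	for _, line := range strings.Split(strings.TrimSpace(jsonl), "\n") {
		var ev FileAccessEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("bad event %q: %w", line, err)
		}
		// Normalise Windows separators so filepath.Base works on any host OS.
		target := strings.ToLower(strings.ReplaceAll(ev.TargetFile, `\`, "/"))
		what, isStore := credentialStores[filepath.Base(target)]
		if !isStore {
			continue
		}
		// Only the browser profile layout counts; a "Login Data" file elsewhere is noise.
		if !strings.Contains(target, "/user data/") {
			continue
		}
		image := strings.ToLower(filepath.Base(strings.ReplaceAll(ev.Image, `\`, "/")))
		if browserImages[image] {
			continue
		}
		findings = append(findings, Finding{Image: ev.Image, File: ev.TargetFile, Reason: what})
	}
	return findings, nil
}

// sampleEvents is constructed telemetry for the demo, not a real capture:
// Chrome reading its own store, a downloaded "ChatGPT" installer reading two
// browsers' stores, and Notepad opening an unrelated file with the same name.
const sampleEvents = `
{"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"image":"C:\\Users\\alice\\Downloads\\ChatGPT-Desktop-Setup.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"image":"C:\\Users\\alice\\Downloads\\ChatGPT-Desktop-Setup.exe","target_file":"C:\\Users\\alice\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Web Data"}
{"image":"C:\\Windows\\System32\\notepad.exe","target_file":"C:\\Users\\alice\\Documents\\Login Data"}
`

func main() {
	findings, err := DetectCredentialStoreAccess(sampleEvents)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("ALERT: %s opened %s (%s)\n", f.Image, f.File, f.Reason)
	}
}
```

On the constructed sample this raises two alerts, both for the downloaded installer, and stays quiet for Chrome and for Notepad. The signal worth keeping in production is exactly that shape: one executable from a Downloads or Temp directory opening several browsers’ stores in quick succession, which is what a freshly installed lookalike “AI” app would produce.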

Read: https://securityboulevard.com/2023/04/hackers-exploit-generative-ai-to-spread-redline-stealer-maas/

 

Multiple Salesforce websites have disclosed personal information

Salesforce Community is a popular cloud-based product that lets businesses stand up customer-facing websites quickly. A startling number of organizations, notably banks and healthcare firms, are exposing confidential and private information on their public Salesforce Community sites. The root cause in every case is the same misconfiguration: the site lets an unauthenticated guest user read records that should be reachable only after logging in.

Salesforce administrators commonly grant guest visitors access to internal objects without realizing it. The fix is to audit which objects and fields the site’s Guest User profile can read and what its guest-user sharing rules expose, rather than relying on whether a page happens to be linked from the site. Vermont’s Chief Information Security Officer, Scott Carbee, said his security teams have been thoroughly reviewing the state’s Salesforce Community sites and have already discovered one additional state-run site that was likewise misconfigured to expose sensitive data to visitors.

Using research from security researcher Charan Akiri, KrebsOnSecurity alerted Washington, D.C. city officials on Monday that at least five separate public D.C. Health websites were exposing private data. One D.C. Health Salesforce Community site, used by healthcare professionals renewing their city licenses, exposed full names, addresses, Social Security numbers, dates of birth, license numbers and license expiration dates.

Read: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/


Paul Thacker defends Tucker Carlson, says WHO stealth-edited vaccine information to censor Tucker

On April 28th, Paul Thacker, former lead investigator to Sen. Chuck Grassley, joined the Tucker Carlson debate by publishing an article on the topic over at The Disinformation Chronicle. In his article, Thacker outlined the massive role of the media in shaping popular narrative while simultaneously cautioning against the danger of a single, curated story.

According to Thacker, Tucker Carlson was the black sheep of journalism, easily scapegoated by fellow journalists for his controversial hot takes. Thacker, however, believes Carlson was the unwitting victim of an organized effort to publicly discredit him and his opinions. Nowhere was this more clearly on display, says Thacker, than when Carlson publicly called out the World Health Organization for backtracking on its original advice not to vaccinate young children during the early days of the pandemic.

Thacker claims that when Carlson’s June 2021 report on the WHO’s vaccine recommendations hit Twitter, the WHO stealth-edited its COVID vaccine page to remove the language Carlson had cited. The following day, Twitter officials began discussing Carlson’s essay and how to limit its impact without calling attention to him and creating “political risks” for Twitter by directly censoring Fox News.

In several leaked emails, Twitter officials can be found scrambling back and forth to control vaccine information and limit damage to the WHO’s reputation. According to a previously reported Twitter File, Twitter began helping their client Johnson & Johnson market the pharma company’s COVID vaccine in early 2021 while simultaneously removing tweets for what they called vaccine “misinformation.” In the end, Twitter apparently chose to ignore Tucker’s op-ed itself and annotate tweets for “vaccine misinformation” if the tweet were to “explicitly advance the claims in the op-ed itself.”

Thus, says Thacker, Carlson’s voice was effectively subdued and wrongfully censored. According to Thacker, Big Tech took many steps to ensure they were not held complicit in withholding key pieces of information during the pandemic, thus costing thousands of people their lives.

Read: https://www.zerohedge.com/political/twitter-files-who-stealth-edited-vaccine-info-help-twitter-censor-tucker-carlson


In latest ransomware attack, hackers leak massive cache of Minneapolis public school student information, demand $1M

Hackers have circulated an enormous cache of student and teacher information online after breaking into Minneapolis Public Schools earlier this year. Files from the district were posted online in March, following the announcement that it had been hit by ransomware. NBC News was able to download and review more than 500 of the documents, which included children’s contact details, allegations of abuse by teachers, psychological reports on students and teachers’ Social Security numbers, among much other sensitive information.

Beyond leaking the cache, which contains some 200,000 files, the ransomware group went a step further and posted the contents of these documents on public platforms like Facebook and Twitter, an atypical move for this kind of attack. Minneapolis Public Schools has declined to answer specific questions about the documents but says it is working with “external specialists and law enforcement to review the data.” Interim superintendent Rochelle Cox announced on April 11 that the district was contacting individuals whose personal information had been leaked.

Cybersecurity experts describe the leak as among the worst they have seen. Emsisoft analyst Brett Callow: “It’s awful. As bad as I’ve seen.”

Ransomware attacks on U.S. schools, in which hackers release sensitive information, have become increasingly common since 2015. Since 2021, 122 U.S. school districts have been hit by ransomware, Callow said, and in 76 of those cases the attackers leaked student and school data.

Read: https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414

 

‘Evasive Panda’ from China snoops on software updates

The Chinese advanced persistent threat (APT) group tracked as Evasive Panda has been abusing the legitimate update channels of applications developed by Chinese companies to deliver its own malware. Over roughly two years, the attacks targeted individuals in China and Nigeria. ESET researchers, who documented the activity, assess that it is aimed at stealing credentials and data for cyber espionage.

Attribution was straightforward: the MgBot backdoor delivered in these attacks has never been observed in use by any other threat actor. MgBot is modular, which lets Evasive Panda spy on victims and extend its capabilities as required.

Such attacks are hard for organizations to detect and prevent because the malicious download arrives through a channel that end users, and often their security tooling, already trust. In their post, ESET researchers published a list of indicators of compromise (IoCs) to help potential targets detect and block the activity.

Kaspersky researchers, in their report on the LuoYu group’s attacks, likewise cautioned that the only defence available to potential targets is to remain vigilant and take the necessary security measures.
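
Whatever the specifics of how Evasive Panda got into the update path, the defence on the client side is the same: the updater must cryptographically verify what it downloads against a key it already holds, so that control of the channel alone is not enough. The Go program below is an added example written for this briefing; it is not ESET’s, Kaspersky’s or any vendor’s updater code. It assumes a hypothetical format of an Ed25519-signed JSON manifest carrying the payload’s SHA-256, and the “installer” payloads are constructed bytes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed description of one update: the version and the
// SHA-256 of the payload the client is expected to install. (Hypothetical
// format for this example.)
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned vendor key")
	ErrHashMismatch = errors.New("payload hash does not match the signed manifest")
)

// SignManifest is the vendor side: encode the manifest and sign it with the
// release key, which never leaves the vendor (ideally an HSM or offline host).
func SignManifest(priv ed25519.PrivateKey, m Manifest) (manifestBytes, sig []byte, err error) {
	manifestBytes, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return manifestBytes, ed25519.Sign(priv, manifestBytes), nil
}

// VerifyUpdate is the client side, applied to exactly the bytes received over
// the update channel before anything is written to disk or executed. The
// signature on the manifest is checked first, then the payload against the
// manifest; an attacker who controls the channel (CDN, mirror, DNS, on-path)
// can therefore replace neither without the vendor's private key.
func VerifyUpdate(pub ed25519.PublicKey, manifestBytes, sig, payload []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, manifestBytes, sig) {
		return m, ErrBadSignature
	}
	if err := json.Unmarshal(manifestBytes, &m); err != nil {
		return m, err
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil {
		return m, err
	}
	got := sha256.Sum256(payload)
	if !bytes.Equal(got[:], want) {
		return m, ErrHashMismatch
	}
	return m, nil
}

// Demo runs the vendor and client sides for a genuine release, then replays
// the two things an update-channel hijacker can do: swap only the payload,
// and swap both the payload and the manifest. Payloads are constructed bytes.
func Demo() (genuineOK bool, swappedPayloadErr, forgedManifestErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // pub is what the installed client pins
	if err != nil {
		panic(err)
	}
	genuine := []byte("genuine installer bytes (constructed)")
	sum := sha256.Sum256(genuine)
	manifest, sig, err := SignManifest(priv, Manifest{Version: "1.2.3", SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		panic(err)
	}

	// 1. Untampered release: accepted.
	_, err = VerifyUpdate(pub, manifest, sig, genuine)
	genuineOK = err == nil

	// 2. Payload replaced in transit, signed manifest left alone: hash mismatch.
	backdoored := []byte("backdoored installer bytes (constructed)")
	_, swappedPayloadErr = VerifyUpdate(pub, manifest, sig, backdoored)

	// 3. Manifest rewritten to carry the backdoor's hash, old signature replayed:
	//    signature failure, since the attacker cannot sign with the vendor key.
	evilSum := sha256.Sum256(backdoored)
	forged, _ := json.Marshal(Manifest{Version: "1.2.3", SHA256: hex.EncodeToString(evilSum[:])})
	_, forgedManifestErr = VerifyUpdate(pub, forged, sig, backdoored)
	return genuineOK, swappedPayloadErr, forgedManifestErr
}

func main() {
	ok, swapped, forged := Demo()
	fmt.Println("genuine release accepted:", ok)
	fmt.Println("swapped payload rejected:", swapped)
	fmt.Println("forged manifest rejected:", forged)
}
```

Two caveats a practitioner should keep in mind. The check is only as strong as the key pinning: if the public key is itself fetched over the same hijackable channel, or the vendor’s signing key is compromised, malware passes this check. And a plain hash in an unsigned manifest, the scheme many homegrown updaters still use, gives no protection here at all, because whoever controls the channel rewrites the manifest along with the payload.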

Read: https://www.darkreading.com/attacks-breaches/china-evasive-panda-hijacks-software-updates-custom-backdoor


Elsewhere online: 

The EARN IT Act is back and it is reviving the encryption issue at a crucial time
Read: https://cyberscoop.com/earn-it-stop-csam-encryption-privacy/


Latest Uptycs Report Details New Ransomware Strain Capable of Attacking Linux Machines
Read: https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html


Malverposting Campaign Might Have its Origin in Vietnam
Read: https://www.infosecurity-magazine.com/news/vietnamese-hackers-malverposting/


Check Point’s latest research points to hacking activity originating from Iran
Read: https://cyware.com/news/power-play-iranian-hackers-execute-attacks-with-powerless-backdoor-6770d8a2/


China’s Latest Steps to Expand its Cyber Capacities Raise Alarm for US Military Officials, Concern about Rivals’ Increasing Military Capacity
Read: https://www.cpomagazine.com/cyber-security/us-intelligence-leak-china-is-focusing-cyber-capabilities-on-capturing-shutting-down-satellites/

 

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • April 24th, 2023: Facebook Censors Pulitzer Prize Winner’s Critique Of US Involvement In Nord Stream Pipeline Attack
  • April 17th, 2023: TikTok Facing £12.7M Fine From ICO For Regulatory Issues For The Use Of Children’s Data
  • April 10th, 2023: Clearview AI Admits To Nearly 1 Million Uses By US Law Enforcement
  • April 3rd, 2023: Online Safety Bill Introduces Mass Surveillance, Leaves Citizens’ E2E Encrypted Messages Vulnerable To Criminal And Foreign Activity
  • March 27th, 2023: Chinese Budget Shopping App, Pinduoduo, Temporarily Suspended On Google Play Store Over Malware Concerns

Tagged: AI, Akiri, APT, Brett Callow, Check Point, EARN IT, Emsisoft, Evasive Panda, IoCs, Kaspersky, KrebsOnSecurity, Linux, LuoYu, MaaS, MgBot, Paul Thacker, ransomware, RedLine, RedLine Stealer, Salesforce Community, Sen. Chuck Grassley, Tucker Carlson, Uptycs, Veriti, Vermont Scott Carbee, WHO


3 thoughts on “#AxisOfEasy 296: RedLine Stealer MaaS Latest Example Of Hackers Exploiting Generative AI Technologies As AI Platforms Gain Popularity”

  1. Joe Goldblatt says:
    May 2, 2023 at 6:18 pm

    I knew FB would come in handy one of these days. This week’s quote is from Plato.

  2. Brian Fox says:
    May 2, 2023 at 6:24 pm

    Me: Who said “Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.”
    ChatGPT: “This quote is often attributed to Plato, a Greek philosopher who lived from 428/427 BC to 348/347 BC. However, there is no direct evidence that he actually said or wrote these words. The quote is likely a paraphrase or a modern interpretation of some of Plato’s ideas about the nature of human beings and their capacity for moral behavior. Nonetheless, the quote has become popular and is often cited in discussions about the effectiveness of laws and regulations in promoting responsible behavior.”

  3. Veronika Ho says:
    May 2, 2023 at 6:54 pm

    This week’s quote was by Plato.
