WormGPT: New AI Tool Helps Hackers Generate Credible Emails for BEC Attacks
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
A new generative AI tool by the name of WormGPT recently emerged on a prominent forum associated with threat actors. The AI module, specifically designed for malicious activities, can become a powerful tool in the hands of cyber criminals wanting to launch phishing and business email compromise (BEC) campaigns.
The tool, based on the open-source GPT-J language model, comes with various features including “unlimited character support, chat memory retention, and code formatting capabilities,” reported SlashNext. Moreover, it is suspected to have been trained on a variety of data sources, especially malware-related data sets.
WormGPT, presented as a blackhat alternative to GPT models, is being touted as the biggest enemy of ChatGPT, with the ability to help even novice cybercriminals launch sophisticated attacks. It can help attackers create persuasive, personalized fake emails with impeccable grammar, thus reducing the chances of being flagged as suspicious. This was revealed in an experiment conducted by researchers at SlashNext.
“WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.”
Along with the development of these generative AI modules, cybersecurity researchers have also noticed the promotion of “jailbreaks” for ChatGPT. These are specialized inputs created to manipulate such tools into generating output that could involve disclosing sensitive information, producing inappropriate content, or executing harmful code.
According to SlashNext, the adoption of AI and the use of such practices by determined cybercriminals underline the growing challenges that organizations today face in ensuring AI security.
To safeguard against such BEC attacks, it is essential that companies follow a multi-faceted approach. This includes developing extensive BEC-specific training programs that educate employees about AI-augmented threats and the tactics employed by threat actors. It also includes enforcing stringent email verification processes and deploying measures that help detect potentially malicious emails, especially those containing keywords linked to BEC attacks.
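One concrete form the detection measures above can take, as an added example that is not part of the original article: a small Python triage function that flags common BEC indicators (a Reply-To domain that differs from the visible sender, an executive display name paired with an external address, a lookalike domain, and BEC-linked keywords) in a message. The keyword list, the executive name, the domain example.com and both sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed, illustrative keyword list; tune to the organisation's own BEC lures.
BEC_KEYWORDS = ("wire transfer", "urgent", "gift card", "invoice", "payment", "confidential")
EXECUTIVE_NAMES = {"jane doe"}      # hypothetical executive display names
INTERNAL_DOMAIN = "example.com"     # hypothetical organisation domain

def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC indicators found in a raw RFC 5322 message (empty list if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    # 1. Reply-To routes answers to a domain other than the visible sender's.
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != from_domain:
        findings.append("reply-to-domain-mismatch")
    # 2. A known executive's display name on an address outside the organisation.
    if from_name.strip().lower() in EXECUTIVE_NAMES and from_domain != INTERNAL_DOMAIN:
        findings.append("executive-name-external-domain")
    # 3. Lookalike domain that embeds the organisation's name (e.g. example-corp.com).
    if from_domain != INTERNAL_DOMAIN and INTERNAL_DOMAIN.split(".")[0] in from_domain:
        findings.append("lookalike-domain")
    # 4. BEC-linked keywords in subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [k for k in BEC_KEYWORDS if k in text]
    if hits:
        findings.append("keywords:" + ",".join(sorted(hits)))
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_BEC = """\
From: Jane Doe <jane.doe@example-corp.com>
Reply-To: ceo.jane@freemail.invalid
To: accounts@example.com
Subject: Urgent wire transfer

Please process the attached invoice today and keep this confidential.
"""
SAMPLE_BENIGN = """\
From: Bob Smith <bob.smith@example.com>
To: accounts@example.com
Subject: Lunch on Friday?

Are you free for lunch on Friday?
"""
```

Messages returning a non-empty list are candidates for quarantine or a second-channel verification step rather than automatic rejection, since legitimate mail can also trip a single indicator.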
Realst: New Rust-based Mac Malware Targets Crypto Wallets of Apple Users
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
A new information stealer dubbed ‘Realst’ is being used to target macOS users. Built in multiple variants, the malware is already prepared to target Apple’s next major operating system release, macOS 14 Sonoma.
First discovered by security researcher iamdeadlyz, the malware, written in Rust, is being distributed to both Windows and macOS users through multiple bogus blockchain games. Windows users are being infected with infostealers like RedLine Stealer, and Mac users with Realst.
Using social media platforms, the attackers initially try to convince their targets to take part in a paid collaboration. Under the pretext of testing fake games like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend, the attacker deploys the infostealer onto the targeted system to steal sensitive information and empty cryptocurrency wallets. “Each version of the fake blockchain game is hosted on its own website complete with associated Twitter and Discord accounts,” stated the SentinelOne report.
The malware targets the Firefox, Chrome, Opera, Brave, and Vivaldi browsers; Apple’s Safari was the only browser among those analyzed that it did not target. The malware also has the capability to capture screenshots and download information from Telegram.
“Most variants attempt to grab the user’s password via osascript and AppleScript spoofing,” the report read. Realst also performs a basic check to confirm whether the host machine is real or virtual “via sysctl -n hw.model.”
During the investigation, it was also found that XProtect, Apple’s built-in malware blocking service, was unable to prevent the execution of this malware. Furthermore, SentinelOne analyzed 59 malicious Mach-O samples and found distinct differences among the 16 identified variants of the malware.
“The number of Realst samples and their variation shows that the threat actor has invested serious effort in order to target macOS users for data and crypto wallet theft,” SentinelOne said. “Given the current popular interest in blockchain games, which promise users the reward of making money while gaming, users and security teams are urged to treat solicitations to download and run such games with extreme caution.”
Moreover, the growing popularity of infostealers and their availability as malware-as-a-service offerings should also be taken into consideration when deploying security solutions, especially given the increasing availability of stolen data packaged and sold on the dark web and Telegram.