Conceal Threat Alert: Hackers Mimicking ChatGPT to Spread Malware

Kaspersky recently reported on a new type of malware that targets users of the popular AI-powered chatbot, ChatGPT. The malware is designed to steal the account credentials stored in popular browsers such as Chrome, Edge, and Firefox.

The attackers used the trusted reputation of ChatGPT to their advantage. ChatGPT is a well-known and widely used AI chatbot, and users generally trust the service. This trust made it easier for the attackers to convince users to download a credential-stealing trojan that purports to be a ChatGPT app.

According to the report, the attackers created fake online ChatGPT communities that appeared to be either linked to official OpenAI accounts or a reputable ChatGPT enthusiast community. These communities were intended to establish credibility as a reliable source for ChatGPT-related content. The attackers also took advantage of the common experience of the service being frequently unavailable during high traffic times.

The attackers would use these forums to distribute links to malicious files that purported to be official ChatGPT clients that would help users get around these limitations. In some cases the attackers even claimed to have credits on the associated fake accounts for purchasing premium ChatGPT services. In reality, ChatGPT is only officially distributed as a web application that does not require users to download anything, so these types of apps are fraudulent.

Once the user downloaded and installed the “ChatGPT app,” the user would receive an error message indicating that the installation was not successful or would see no activity at all. While most would attribute this to a technical error, the attack had already occurred, and the users’ browser-stored credentials had already been pilfered.

The ChatGPT Stealer is yet another example of how current methods for preventing abuse-of-trust attacks – such as imploring users to remain vigilant and to ensure that their devices have the latest security updates – simply are not enough. Solutions that take the burden off users’ shoulders, like ConcealBrowse, are the only way to stop all types of attacks delivered via the browser. ConcealBrowse scans the URLs a user opens, regardless of the source, and will block or isolate malicious or risky web sites. Even if a user trusts a link, ConcealBrowse doesn’t.

The ChatGPT trojan attack is a reminder that identities of trusted services can be co-opted by determined attackers. By using a combination of social engineering tactics and sophisticated malware techniques, the attackers were able to steal personal information from unsuspecting users. ConcealBrowse keeps users safe, even when they are fooled into trusting attackers. Try ConcealBrowse for free to start protecting your users today.

Written by: Conceal Research Team

Why ConcealBrowse?

With nearly 65% of the global population using the internet in 2023, cyber risks initiated in the browser are growing exponentially

The internet has become an integral part of our daily lives. It provides us with vast amounts of information and resources, but it also poses a significant risk to our privacy. With the increasing use of the internet, the likelihood of online threats has increased. Hackers, cybercriminals, and governments can monitor our online activities, steal sensitive information, and manipulate data. To combat these threats, there is a growing need for secure and privacy-focused browser extensions.

The Importance of Browser Security

Overall, browser security is important to protect personal information, prevent malware infections, protect against malicious websites and browser exploits, and maintain privacy. By using a secure browser and keeping it up to date, individuals and organizations can reduce the risk of cyber attacks and protect themselves online.

  1. Protecting personal information: Browsers are often used to access sensitive information such as financial and personal data. If a browser is not secure, this information can be easily stolen by attackers through methods such as phishing scams, malware infections, or network eavesdropping.
  2. Preventing malware infections: Browsers can be targeted by attackers who use them to spread malware, such as viruses and Trojans. These infections can compromise the security of the device, steal sensitive information, and spread to other devices on the network.
  3. Protecting against malicious websites: Browsers can be tricked into accessing malicious websites that contain malware, phishing scams, or other security threats. These websites can compromise the security of the device and steal sensitive information.
  4. Protecting against browser exploits: Browsers can contain vulnerabilities that can be exploited by attackers to gain access to a device. These exploits can be used to steal sensitive information, install malware, or take control of the device.
  5. Maintaining privacy: Browsers can be used to track a user’s online activities, including their location, browsing history, and personal information. This information can be used for advertising purposes, but it can also be sold to third parties or used for malicious purposes.

How ConcealBrowse Works

ConcealBrowse uses advanced encryption technologies to protect users’ online activities and sensitive information. The extension encrypts all the data transmitted between the user’s browser and the website, making it difficult for anyone to intercept and read the information.

One of the key features of ConcealBrowse is its ability to hide users’ IP addresses. By hiding the IP address, the extension makes it difficult for websites to track users’ online activities. This helps prevent websites from collecting sensitive information, such as user behavior and personal data.

In addition to IP address hiding, ConcealBrowse also blocks trackers and advertisements. This helps to protect users from online tracking and helps to speed up their browsing experience.

Another important feature of ConcealBrowse is its support for virtual private networks (VPNs). VPNs are used to encrypt all the data transmitted over the internet, making it difficult for anyone to intercept and read the information. By integrating VPN support into the browser extension, ConcealBrowse provides users with an extra layer of security and privacy.

Benefits of ConcealBrowse

  1. Enhanced Privacy: ConcealBrowse helps protect users’ online privacy by hiding their IP addresses and blocking trackers and advertisements. This helps prevent websites from collecting sensitive information, such as user behavior and personal data.
  2. Improved Security: The extension uses advanced encryption technologies to protect users’ online activities and sensitive information, making it difficult for anyone to intercept and read the information.
  3. Fast Browsing Experience: By blocking trackers and advertisements, ConcealBrowse helps speed up users’ browsing experience.
  4. Easy to Use: ConcealBrowse is designed to be user-friendly and easy to use, without sacrificing security and privacy.

Conclusion

In conclusion, ConcealBrowse is a secure browser extension that provides users with enhanced privacy and security. With its advanced encryption technologies, IP address hiding, tracker and advertisement blocking, and VPN support, users can browse the internet with confidence, knowing that their online activities and sensitive information are protected.

Conceal Threat Alert: Coinbase Employee Compromised via SMS Phishing Attack

Coinbase, a popular cryptocurrency exchange, reported being the victim of an early February cyber attack that highlights the growing threat facing cryptocurrency exchanges and other organizations of all types. 

The attack was carried out by sending fake SMS messages that appeared to be from the company’s security team to Coinbase employees. These messages contained links that, when clicked, took the employee to a phishing website that looked identical to the Coinbase login page. The employee would then enter their login credentials. When the attacker was unable to provide a multi-factor authentication token, the attacker called the employee, armed with the credentials provided via the phishing site, and convinced them to take several actions on their device. 

Coinbase notified affected customers and says they have taken steps to prevent further unauthorized access. However, this attack highlights the need for increased vigilance when it comes to cybersecurity, especially for companies dealing with sensitive financial information.

In this case, Coinbase claims they quickly identified the attack via multiple layers of security and a vigilant operator in Coinbase’s Cybersecurity Incident Response Team. Ultimately, the cost of stopping the attack was high: stopping it in the browser as soon as the link was clicked could have saved the security resources expended to limit the damage once the link had been clicked.

And Coinbase was lucky. An attack against Twilio by the same threat actors resulted in the loss of customer data. We have reported previously on attacks by other actors utilizing similar techniques that were successful, even against highly technical employees that likely received anti-phishing training.

How can enhanced browser protection prevent these attacks?

ConcealBrowse is a secure web browser extension that protects against malicious websites linked from any source, including messaging applications. ConcealBrowse uses its advanced decision engine to detect and block or isolate malicious websites before they can cause any harm.

The Coinbase attack highlights the threat facing all types of organizations and the need for increased vigilance when it comes to cybersecurity. ConcealBrowse is an important part of any cybersecurity program that can prevent attackers from ever getting a foothold in your network. Click here to try ConcealBrowse today.

Written by: Conceal Research Team

Browser-Based Threat Alert: ChatGPT May Be Causing More Harm Than Good

In the cybersecurity space, ChatGPT has already helped elevate threat actors’ ability to maliciously deploy attacks on a global scale.

At first glance, ChatGPT seems like an ethical machine model with responses programmed to address questionable inputs. Just this week, when asked how it can be used to write phishing emails and malicious code, the following response was given:

“I cannot provide information or assistance on how to write phishing emails or malicious code. Engaging in such activities is unethical and illegal, and OpenAI has strict policies against providing information or assistance with malicious or harmful activities.

Phishing emails and malicious code can cause significant harm to individuals and organizations, and their use should be strongly discouraged. Instead, I encourage you to focus on ethical and legal uses of AI and technology that benefit society and promote positive outcomes.”

But, when you look under the hood and begin to understand how to request information, threat actors are finding ways to leverage ChatGPT for malicious intent. So far, we can confidently talk about ChatGPT’s success in creating successful social engineering campaigns and malware.

Social Engineering 

Recently, in a blog post, we discussed how phishing attacks are increasing in number and complexity. Now we have a new concern. Beyond phishing kits being made available on the dark web, as discussed here, threat actors no longer even have to access the underground to obtain the materials needed to perform a successful social engineering campaign. While one has to be creative to avoid the canned “I’m sorry, but I cannot provide you with an example of a phishing email. Phishing emails are used to trick individuals into revealing their personal and financial information, and their use is illegal and unethical. It is not appropriate to use such examples for educational purposes” response, researchers around the world are proving that creative requests still get the anticipated results. Also of increasing concern is the language barrier, which has previously been an advantage for security teams: grammar mistakes and other subtle characteristics let users question the validity of an email.

Malware

ChatGPT has been able to write “fairly decent malware” according to many sources in the early days since the release of the AI platform.  In cybersecurity forums around the world, the community has come together to talk through the abilities ChatGPT has to build software that can be used for spam, espionage, ransomware and more.  In one instance, a user in a forum explained that ChatGPT was able to provide code that included encryption, decryption and code signing capabilities.  In another forum, ChatGPT had successfully created crimeware.  The user requested ChatGPT to create a bazaar for buying and trading compromised credentials on the dark web.  

Addressing the Harm 

With malicious code and socially engineered content now easier to create, organizations must be prepared to proactively protect against these new changes to the threat landscape. Increased quantity and potential sophistication should be a concern of security teams as ChatGPT enables script kiddies around the world.

Now, more than ever, browser security will be paramount in an organization’s cybersecurity strategy. Browsers can be targeted by attackers who use them to spread malware, such as viruses and Trojans. These infections can compromise the security of the device, steal sensitive information, and spread to other devices on the network. Protecting users when surfing the web, opening an email, or leveraging an application will provide cybersecurity teams a level of assurance in their proactive protection abilities.

Learn how ConcealBrowse can be a part of your organization’s strategy to protect against the harm of ChatGPT by requesting a demo today. 

Conceal Threat Alert: Attackers Behind “Screenshotter” Malware Hit Tens of Thousands of Targets in US and Germany

On February 8th, Proofpoint reported on a new threat actor referred to as TA886, which it discovered targeting organizations in the United States and Germany using custom malware called “Screenshotter.” TA886 utilizes a few different initial attack vectors, all delivered via email. While one technique involved directly attaching malicious Microsoft Publisher files to the email, three other techniques relied on users to click on malicious links that would then be opened in the browser. 

The attackers drastically increased the scale of the attacks once they switched to the browser-based attacks, ramping up from a limited number of emails to a small group of companies with the initial Publisher attack vector, to tens of thousands of malicious emails per week with the browser-accessed URL vector.

Once these URLs are loaded, the Screenshotter malware takes screenshots of the victim’s machine and sends them back to the attacker’s server for review. The attackers evaluate the screenshots and decide whether the victim is of value, dropping additional custom payloads that can include a domain profiler script and an info-stealer named “Rhadamanthys” that is loaded into memory. Once these individual tools are loaded, the attackers can steal data and credentials from the machine and map out the victim’s network for possible future lateral movement.

How can modern browser protection solutions prevent this attack?

To prevent these types of attacks, organizations can use advanced browser protection technology like ConcealBrowse’s secure browsing plugin. This plugin blocks phishing and other malicious websites and prevents users from entering login credentials on fake login pages. The technology uses computer vision to detect and block phishing websites, as well as an advanced decision engine that identifies known and suspected malicious URLs so that they can be blocked.

ConcealBrowse’s secure browser extension identifies malicious links wherever they are clicked. This means users of ConcealBrowse are proactively protected from the malicious web sites containing the Screenshotter malware, regardless of whether they receive the link in the email or from another vector.

The discovery of TA886 and their Screenshotter malware highlights the need for organizations to use browser-hardening solutions like ConcealBrowse’s secure browser extension to protect against sophisticated attacks. With ConcealBrowse, organizations can prevent attackers from stealing sensitive information and reduce the risk of data breaches and financial loss.

Written by: Conceal Research Team

Customer Testimonial: The Power of ConcealBrowse – Protecting Organizations When Trusted Sites are Compromised

What happens when a trusted partner’s web site is compromised, and actions that your employees believe to be safe no longer are? A recent incident reported by one ConcealBrowse customer highlights the importance of having effective browser protection in place and the benefits of using ConcealBrowse.

An employee of the company attempted to log into one of their partner’s websites, but attackers had compromised the partner site and replaced a link the customer routinely used with a link to a malicious website. ConcealBrowse identified that the link was malicious and isolated it so that it couldn’t affect the customer’s network.  The security team was able to use the telemetry data generated by ConcealBrowse to do a follow-up investigation and notify the affected partner that their website was compromised.

How does ConcealBrowse protect users when trusted sites are compromised?

ConcealBrowse checks the reputation of websites against a constantly updated database of known malicious sites and suspicious domains, ensuring that users are protected against the latest threats. We then use machine learning and computer vision to detect and block phishing websites in real-time. By analyzing the website’s content and behavior, ConcealBrowse can identify signs of compromise and alert the user before they become a victim.

In addition to its anti-phishing capabilities, ConcealBrowse also provides browser-based protection against malware, spyware, and other forms of cyber threats. This comprehensive approach to cybersecurity helps to keep our customers’ sensitive information and systems safe from attack.

Phishing attacks are becoming more sophisticated, and traditional methods of protection such as email-based anti-phishing software and user training are no longer enough. That is why having ConcealBrowse’s browser-based security solution is essential for companies looking to protect themselves from these types of attacks.

Our customer’s recent experience highlights the importance of having effective anti-phishing software in place, and the benefits of using ConcealBrowse. Our software provides real-life protection against phishing attacks, helping companies to keep their sensitive information and systems safe from harm.

If you would like to learn more about how ConcealBrowse can protect your company from phishing, ransomware, and other browser-based attacks, schedule a demo today.

Phishing Attacks Evade Traditional Security Defenses

Native security is no longer sufficient, requiring organizations to invest in a new approach, a Zero Trust model.

We talk a lot about the growing sophistication of the threat landscape and attack vectors. Part of these advancements is the threat actors’ ability to bypass security defenses that were built around the specific signatures and characteristics of traditional phishing attacks.

Dissecting the Success of Phishing Attacks

Phishing campaigns are successful for two key reasons: people and process. It is the combination of these two components of a phishing campaign that has led to the shortcomings of traditional security tools and measures.

People

The traditional characteristics of a phishing attack, such as grammar errors, misspellings, unfamiliar email addresses, and an unusual request, no longer exist. Rather, a single lapse in judgment is now enough for users to fall victim to a phishing attack. Traditional security training does not provide a user with the degree of awareness needed to point out a phishing campaign in the twenty-first century. Spoofed email addresses, brand impersonation, and browser updates all seem legitimate at first and second glance. Phishing attack cues are evolving.

Process

Today, the legitimacy of the channels through which phishing attacks occur makes bypassing traditional security defenses a rather easy feat. Email, web browsers, and social media applications have complicated the security measures required to detect and respond to phishing attacks. Running a phishing campaign requires little skill, making it an easy attack vector for amateur threat actors to leverage. The technical knowledge necessary to deploy a phishing attack is minimal, and with entire phishing kits for sale at a low cost on the dark web, the sheer quantity of attacks continues to rise.

Traditional Defenses Are Not Enough

As explored above, the traditional approach to protecting against a phishing attack is unlikely to prove successful.  It’s the combination of convincing users that the correspondence is legitimate and being able to dodge traditional security measures that escalates the severity and success of phishing attacks in 2023.  Rather, organizations need to invest in technical controls for a sophisticated social engineering landscape.

Change in Approach

To protect against phishing attacks in 2023, activity needs to be judged on an instance-by-instance basis: every email link clicked, every Google Chrome update, every URL visited needs to pass through its own filters. The zero-trust model is critical to minimizing the success of social engineering attacks. With this model, only proven safe activity should be trusted. In cybersecurity terms, this is similar to a whitelist approach. The issue with a whitelist approach is that employees still need to be able to complete their responsibilities with ease, without bumping against the whitelist that exists. As a result, a modified approach to filtering needs to be taken: recognized whitelist activity can continue as usual, while additional questioning and isolation are applied to new traffic. Beyond the additional security this approach provides, it also gives employees a level of confidence and comfort that they are being cyber smart without having to second-guess every click on their company network.
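The modified whitelist approach described above can be sketched as a per-URL decision function. This is an added example, not ConcealBrowse code: the function names, the three-way allow/isolate/block outcome, and every domain in it are constructed for illustration. It also shows why the match must be made on the parsed hostname rather than on the raw link text.

```javascript
// Added illustration only. Lists and domains are constructed sample data.
const ALLOWLIST = new Set(["example.com", "intranet.example.org"]); // proven-safe
const BLOCKLIST = new Set(["known-bad.test"]);                      // known-malicious

// Weak check, shown for contrast: substring match on the raw link text.
function naiveAllow(rawUrl) {
  return [...ALLOWLIST].some((entry) => rawUrl.includes(entry));
}

// True if host equals an entry or is a subdomain of it on a label boundary,
// so "notexample.com" and "example.com.evil.test" do not match "example.com".
function hostMatches(host, list) {
  for (const entry of list) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// Decide what to do with one navigation. Anything not proven safe is isolated.
function decide(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { action: "block", reason: "unparseable URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { action: "isolate", reason: "non-web scheme" };
  }
  // URL.hostname is already lowercased and IDNA-encoded and excludes any
  // "user@" prefix; strip a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");

  if (hostMatches(host, BLOCKLIST)) {
    return { action: "block", reason: "known malicious host" };
  }
  if (hostMatches(host, ALLOWLIST)) {
    return { action: "allow", reason: "recognized host" };
  }
  // New traffic: isolate, and record why it looks like a lookalike if it does.
  if (url.username || url.password) {
    return { action: "isolate", reason: "userinfo before host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { action: "isolate", reason: "punycode label (possible homograph)" };
  }
  return { action: "isolate", reason: "unrecognized host" };
}

// Constructed sample links, including common lookalike shapes.
const samples = [
  "https://mail.example.com/inbox",
  "https://example.com.evil.test/login",
  "https://example.com@evil.test/login",
  "https://notexample.com/",
  "https://cdn.known-bad.test/update.exe",
];
for (const s of samples) {
  console.log(decide(s).action.padEnd(8), naiveAllow(s) ? "naive:allow" : "naive:deny ", s);
}
```

The substring check lets the lookalike links through, while the hostname-based check sends them to isolation without interrupting the recognized site.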

Here at Conceal, our browser exists to bring this zero trust approach to life at the edge.  To find out how we can help you change your approach to address phishing and other social engineering attacks on the web, request a demo today.

Conceal Threat Alert: Reddit Internal Systems Compromised by Targeted Phishing Attack

On February 9th, Reddit reported a security incident that resulted from a sophisticated and highly-targeted phishing attack. The attacker sent out plausible-sounding prompts to Reddit employees that pointed them to a website that cloned the behavior of the company’s intranet gateway, to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to internal documents, code, and internal business systems.

Reddit reported that their investigation so far has shown that user passwords and accounts are safe, and that the primary production systems, which run Reddit and store the majority of its data, have not been breached. However, the exposure included contact information for company contacts and employees (current and former), as well as advertiser information.

Reddit’s security team responded quickly to the incident, removing the infiltrator’s access, and commencing an internal investigation. The company reported that its response includes training employees to improve their security skills, reminding users to set up two-factor authentication (2FA) and to use a password manager to protect their accounts.

ConcealBrowse’s browser-based phishing protection extension could have helped prevent this attack. The anti-phishing capabilities built into ConcealBrowse can identify phishing sites utilizing computer vision and machine learning algorithms in addition to threat intelligence and domain name risk assessments. When ConcealBrowse identifies a potentially dangerous site, it opens it in an isolated environment outside of your network. Phishing sites are then identified, and users are blocked from inputting credentials or providing personal information. By adding an extra layer of security to the browsing experience, ConcealBrowse protects users from falling victim to phishing attacks, even when the emails and websites look legitimate.

How could Conceal’s browser isolation and advanced phishing protection have prevented this attack?

Reddit’s recent security incident serves as a reminder of the importance of being vigilant and proactive about online security. Taking simple measures such as setting up 2FA and using a password manager can reduce risk. However, this incident proves it only takes one user making the wrong decision to cause severe reputational and monetary damage to your company. By adding ConcealBrowse’s browser-based phishing protection extension, your company can take the responsibility for stopping phishing out of the hands of the user.

Click here to sign up for a free trial of ConcealBrowse to see for yourself how you can protect your company from expensive, reputation-damaging phishing attacks.

Written by: Conceal Research Team