Tag Archive for: hackers

Malware Alert! Hackers Attacking Indian Android users


A new malware campaign has been identified targeting Android users in India.

This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age.

Symantec, a global leader in cybersecurity, has stepped up to protect users from this emerging threat.

The Rise of Malicious APKs

The campaign has been meticulously designed to spread malware through APK packages disguised as legitimate applications.

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

These applications, which appear to offer services such as customer support, online bookings, billing, or courier services, are vehicles for a range of malicious activities.

Once installed, the malware targets the theft of banking information, SMS messages, and other confidential data from victims’ devices.

This strategy of disguising malicious software as harmless applications is not new but remains highly influential.

The attackers exploit the trust users place in app downloads, particularly those offering valuable services.

Broadcom has recently released a report on a Malware-as-a-Service (MaaS) campaign specifically targeting Android users in India.

The attack represents a threat to the security of Android devices in the region and can potentially cause significant damage to individuals and organizations.

Symantec has identified the malware through its robust security systems, classifying it under two main categories:

Mobile-based Threats:

  • Android.Reputation.2
  • AppRisk: Generisk

Web-based Threats:

The campaign’s infrastructure, including observed domains and IPs, falls under security categories protected by…

Source…

Hackers can access your private, encrypted AI assistant chats


Facepalm: For some, AI assistants are like good friends whom we can turn to with any sensitive or embarrassing question. It seems safe, after all, because our communication with them is encrypted. However, researchers in Israel have discovered a way for hackers to circumvent that protection.

Like any good assistant, your AI knows a lot about you. It knows where you live and where you work. It probably knows what foods you like and what you are planning to do this weekend. If you are particularly chatty, it may even know if you are considering a divorce or contemplating bankruptcy.

That’s why an attack devised by researchers that can read encrypted responses from AI assistants over the web is alarming. The researchers are from the Offensive AI Research Lab in Israel, and they have identified an exploitable side-channel present in most major AI assistants that use streaming to interact with large language models, with the exception of Google Gemini. They then demonstrate how it works on encrypted network traffic from OpenAI’s ChatGPT-4 and Microsoft’s Copilot.

“[W]e were able to accurately reconstruct 29% of an AI assistant’s responses and successfully infer the topic from 55% of them,” the researchers wrote in their paper.

The initial point of attack is the token-length side-channel. In natural language processing, the token is the smallest unit of text that carries meaning, the researchers explain. For instance, the sentence “I have an itchy rash” could be tokenized as follows: S = (k1, k2, k3, k4, k5), where the tokens are k1 = I, k2 = have, k3 = an, k4 = itchy, and k5 = rash.

However, tokens represent a significant vulnerability in the way large language model services handle data transmission. Namely, as LLMs generate and send responses as a series of tokens, each token is transmitted from the server to the user as it is generated. While this process is encrypted, the size of the packets can reveal the length of the tokens, potentially allowing attackers on the network to read conversations.

Inferring the content of a response from a token length sequence is challenging because the responses can be several sentences…

Source…

Thousands Of Roku Accounts Were Compromised By Hackers


Roku City used to be a safe and welcoming place filled with picturesque purple sunsets and nostalgia-fueled movie references. Now it’s just a glorified commercial. But this is how most cities evolve, so we shouldn’t be surprised. What is surprising is that the company is not very good at discouraging hackers from taking a quick vacation to Roku City, where they subsequently compromised nearly 15,000 accounts. Gotham sure looks like the preferred fictional city right about now.

The Hollywood Reporter revealed that 15,363 Roku accounts were compromised between December 28, 2023 and February 21, 2024. Filings in California and Maine indicate that hackers obtained login data from another source to try and purchase streaming subscriptions.

A company spokesperson told The Hollywood Reporter:

Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.

Bleeping Computer also reported that the stolen accounts were being sold for as little as $0.50 per account.

While it sounds scary, the company assured customers that the hackers did not gain access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” It seems like they really just wanted to log in to Hulu and see what Shogun is all about.

(Via The Hollywood Reporter)

Source…

Hackers can read private AI-assistant chats even though they’re encrypted


Hackers can read private AI-assistant chats even though they’re encrypted

Aurich Lawson | Getty Images

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Token privacy

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client’s knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”

Source…