Welcome to this week’s CyberNews! Here’s a quick roundup of recent cybersecurity developments.
Kaspersky Automatically Installs UltraAV, Deletes Itself on U.S. Machines
Kaspersky has recently installed UltraAV antivirus on nearly 1 million U.S. machines after its products were banned from U.S. markets due to national security concerns. Without sufficient prior notification and user consent, Kaspersky deleted itself and transferred users to UltraAV, causing confusion and complaints.
The transition, led by Pango Group, left users frustrated due to poor communication and lack of transparency. Although UltraAV offers comparable security features, not all of Kaspersky’s features carried over. UltraAV lacks some of Kaspersky’s advanced protection options, such as webcam and online payment security.
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store
Necro malware has made a comeback, this time infiltrating legitimate Android apps, including Wuta Camera and Max Browser, which were downloaded over 11 million times.
Kaspersky researchers found that the Necro malware evades detection using steganography and malicious advertising SDKs. Although the compromised apps have been updated or removed, users are still urged to be cautious of altered versions of popular apps, especially from unofficial app stores.
This malware allows attackers to execute arbitrary code, subscribe users to paid services, and run malicious scripts.
Opinion
The discovery of Necro malware in popular apps is another reminder of the threats lurking in seemingly legitimate software. News like this should push us to be even more cautious about the apps we install and to regularly review the ones we no longer use.
With smartphones often acting as the hub for two-factor authentication, passkeys, and secure tokens, we must ask ourselves, “Do I really need this app?” Minimizing the number of apps on our devices reduces attack surfaces and enhances security. So do an antivirus and clean cybersecurity hygiene.
Generative AI Malware Used in Phishing Attacks
Generative AI is now being used to generate malware, as shown by a phishing campaign.
As reported by HP researchers, the phishing emails delivered AsyncRAT using an AI-generated dropper script, marking a new level of sophistication in malware attacks. The structured and well-documented code raises concerns about how AI is accelerating cybercrime.
We mentioned in one of the first articles on techsplicer how sophisticated the phishing attacks on Facebook appeared after we created our page.
Hacker Plants False Memories in ChatGPT to Steal User Data
ChatGPT’s new long-term memory feature, designed to retain user information for future conversations, has already proven vulnerable. This vulnerability allows attackers to plant false data and continuously steal user inputs.
Security researcher Johann Rehberger documented the issue and built a proof-of-concept that enabled persistent data exfiltration through indirect prompt injection. While OpenAI has introduced partial fixes, this vulnerability is another example of the potential risks associated with rushed features in AI systems.
The Centers for Medicare & Medicaid Services (CMS) Breach: Over 3.1M Affected in MOVEit Hack
The massive MOVEit Transfer hack, linked to the Cl0p ransomware group, has affected over 3.1 million individuals, according to CMS. Initial reports of the breach gave lower figures, but further investigation revealed a broader impact, including the exposure of Medicare Beneficiary Identifiers, Social Security numbers, and other sensitive data.