Effective URL: https://www.darkreading.com/attacks-breaches/attackers-hide-redline-stealer-behind-chatgpt-google-bard-facebook-ads?_mc=NL_D...
Attacks/Breaches | News | 4 min read

Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads

The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.

Elizabeth Montalbano, Contributor, Dark Reading
April 11, 2023
Image: Greg Guy via Alamy Stock Photo

Cybercriminals are posting what appear to be legitimate sponsored ads on hijacked Facebook business and community pages, promising free downloads of AI chatbots such as ChatGPT and Google Bard. What users actually download is the well-known infostealer RedLine Stealer, researchers have found.

RedLine Stealer is a malware-as-a-service (MaaS) offering sold on hacker forums. It targets browsers to harvest data the user has saved, including credentials and payment-card details, and takes a system inventory that the operator can use to assess the attack surface for follow-on attacks. Beyond information theft it can upload and download files and execute commands, which gives even unsophisticated operators a range of options for further cyberattacks, researchers at Veriti said.

Veriti first spotted the campaign, which trades on the growing popularity of emerging AI platforms, in January and followed it through its peak in March, according to a report published April 11.

"These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files," Veriti researchers wrote in the report.
"However, once the user downloads and extracts the file, the RedLine Stealer malware is activated and can steal passwords and download further malware onto the user's device."

The commodity malware is an inspired choice for the campaign: it costs only $100 to $150 on the Dark Web, which gives attackers a significant return on investment (ROI) for their criminal activity, the researchers said.

"In addition, by exploiting Facebook business accounts and their exposed passwords, the attackers were able to target a vast number of users and potentially gain access to sensitive information at a relatively low cost," the Veriti research team tells Dark Reading.

DANGERS OF TROJANIZED AI APPS

Soon after the AI-based chatbot ChatGPT came on the scene in November 2022, speculation began about the ways attackers could exploit it for malicious purposes. Some consider that threat overhyped, but the RedLine campaign could be a sign of more such attacks to come.

Notably, the attackers do not abuse the chatbots' AI capabilities at all. They exploit the fact that these models are now packaged for download in various forms, which makes a trojanized "installer" a plausible lure.

"One of the most concerning risks associated with generative AI platforms is the ability to package the AI in a file (e.g., as mobile applications or as open source), which creates the perfect excuse for malicious actors to trick naïve downloaders," the researchers explained.

In this case the attackers package RedLine Stealer into a file presented as an OpenAI or Google Bard download, so unsuspecting users who click the post receive the malware instead of the promised AI app, the researchers said.

"The potential impact of such attacks is significant, as hackers could steal confidential data, compromise financial accounts, or even disrupt critical infrastructure," they wrote in the report.
"Moreover, these attacks are becoming more sophisticated, making detecting and preventing them harder."

Dozens of Facebook business accounts in at least 10 countries have already been hijacked to distribute RedLine Stealer through the malicious posts, the researchers said. Greece is the country where the posts reach the most Facebook users, followed by India, the US, Mexico, and Bangladesh. Measured by the campaign's "top attacks," however, the US accounts for the bulk of the activity at 77%, followed by Canada (9%), Mexico (6%), India (4%), and Portugal (2%), according to the report.

PROTECTING THE ENTERPRISE FROM MALICIOUS DOWNLOADS

Veriti recommends a "comprehensive approach to cybersecurity": educate employees on the risk of downloading and opening files from unknown sources, and pair that with "robust security configurations" that limit the damage if a user does install an infostealer such as RedLine on a corporate desktop.

A first step is to limit the download of executables and enforce strict policies that require every executable to be sandboxed before it is delivered to the endpoint, the researchers said. "This can significantly reduce the risk of malicious files infecting a system," they tell Dark Reading. Because the lure here is a file the user has to extract, such a policy has to cover archives as well as bare executables, or the stealer inside the download is never inspected.

Additionally, controls that block data exfiltration can keep attackers from moving stolen information off the host (in practice, egress filtering and data-loss-prevention rules rather than a single setting), while anti-malware can detect and remove malicious files before they cause damage, the researchers said.

The researchers note, however, that any measures to educate employees or set policies around files downloaded from the Internet "should complement an organization's existing cybersecurity protections, such as firewalls, intrusion detection and prevention systems, and regular security updates."
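The download policy described above (hold every executable, and every archive that might wrap one, for sandbox detonation before it reaches the user) is shown below as an added example; it is not code from Veriti or Dark Reading. It is a gateway-side policy check in Python that classifies a download by its extension, the server's declared Content-Type and the file's leading bytes, so a renamed executable served as text or a stealer zipped into a "ChatGPT_Desktop" archive is still held. The log records and file bodies are constructed for the demo, and the field names (url, content_type, first_bytes, filename) are assumptions rather than any real proxy's schema.

```python
"""Gateway download-policy check: hold executables and archives for sandboxing.

Added example, not Veriti's or Dark Reading's code. Sample downloads are
constructed; field names are assumed, not a real proxy's schema.
"""
from dataclasses import dataclass
import re

# File types that should never go straight to a user desktop without a
# sandbox pass: executables, installers, scripts, and the archives that
# the campaign above wraps its payload in.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".hta",
}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".img"}

# Magic numbers checked on the first bytes of the body: the extension and
# the Content-Type are both chosen by the attacker, the bytes are not.
MAGIC = {
    b"MZ": "pe",                    # Windows PE executable
    b"PK\x03\x04": "zip",           # ZIP (also .docx/.jar; still sandbox it)
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x7fELF": "elf",
}

# Declared MIME types that on their own should trigger the policy.
RISKY_CONTENT_TYPES = {
    "application/x-msdownload", "application/x-dosexec", "application/octet-stream",
    "application/zip", "application/x-rar-compressed", "application/x-7z-compressed",
}


@dataclass
class Download:
    url: str
    content_type: str
    first_bytes: bytes
    filename: str = ""  # from Content-Disposition, if the server sent one


def _extension(name: str) -> str:
    m = re.search(r"(\.[A-Za-z0-9]{1,5})$", name)
    return m.group(1).lower() if m else ""


def sniff(first_bytes: bytes) -> str:
    """Identify the file by its leading bytes; 'other' if no magic matches."""
    for magic, kind in MAGIC.items():
        if first_bytes.startswith(magic):
            return kind
    return "other"


def classify(d: Download) -> dict:
    """Return the policy verdict and every signal that contributed to it.

    Verdicts: "sandbox" (hold the file and detonate it before release) or
    "allow". Any single signal is enough to hold the file, so a renamed
    .exe served as text/plain is still caught by its MZ header.
    """
    reasons = []
    # Prefer the Content-Disposition name; otherwise use the URL path with
    # the query string stripped so "?dl=1" cannot hide the extension.
    name = d.filename or d.url.split("?", 1)[0].rsplit("/", 1)[-1]
    ext = _extension(name)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    elif ext in ARCHIVE_EXTENSIONS:
        reasons.append(f"archive extension {ext}")
    ctype = d.content_type.split(";", 1)[0].strip().lower()
    if ctype in RISKY_CONTENT_TYPES:
        reasons.append(f"content-type {ctype}")
    kind = sniff(d.first_bytes)
    if kind != "other":
        reasons.append(f"magic bytes say {kind}")
    return {"verdict": "sandbox" if reasons else "allow", "reasons": reasons, "name": name}


# Constructed samples: a lure archive, a PE disguised as a PDF with a
# misleading Content-Type, and a genuine PDF that should pass.
SAMPLES = [
    Download("https://example.invalid/dl/ChatGPT_Desktop.zip?dl=1",
             "application/octet-stream", b"PK\x03\x04\x14\x00"),
    Download("https://example.invalid/files/Bard_Setup.pdf",
             "text/plain", b"MZ\x90\x00\x03\x00", filename="Bard_Setup.pdf"),
    Download("https://example.invalid/docs/whitepaper.pdf",
             "application/pdf", b"%PDF-1.7\n"),
]


def run(samples=SAMPLES) -> list:
    return [classify(s) for s in samples]


if __name__ == "__main__":
    for r in run():
        print(r["verdict"].upper(), r["name"], "; ".join(r["reasons"]))
```

The three checks are deliberately independent: the first sample trips all three, the disguised executable trips only the magic-byte check, and the real PDF trips none. In a production gateway the "sandbox" verdict would hand the body to the detonation service and release it to the user only on a clean result.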
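The behaviour the article attributes to RedLine (reading the browser's saved logins and payment data) leaves a file-access trail that the recommended endpoint controls can key on. The detection below is an added example, not taken from the Veriti report. It runs over constructed Sysmon-style file-access events and flags any non-browser process, or anything running from a user-writable path, that opens a browser credential store; a single process touching several stores in one batch is scored higher, since that is the harvesting pattern rather than a one-off. The event field names, the browser allow-list and the file paths are assumptions to tune to your own fleet.

```python
"""Detect non-browser processes reading browser credential stores.

Added example (not from the Veriti report). Events are constructed to look
like Sysmon-style file-access telemetry with assumed field names:
ts, op, image (process path), target (file path).
"""
import re
from collections import defaultdict

# Files that hold saved logins and payment cards plus the key that unwraps
# them. Chromium browsers keep the DPAPI-wrapped AES key in "Local State";
# Firefox keeps logins in logins.json and the key in key4.db.
SENSITIVE_STORES = [
    r"(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\[^\\]+\\login data$",
    r"(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\[^\\]+\\web data$",
    r"(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\local state$",
    r"mozilla\\firefox\\profiles\\[^\\]+\\logins\.json$",
    r"mozilla\\firefox\\profiles\\[^\\]+\\key4\.db$",
]
STORE_RE = [re.compile(p) for p in SENSITIVE_STORES]

# The only processes expected to open those files (assumed allow-list; add
# backup or password-sync agents after verifying their install paths).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# A real browser binary never runs from these; a lure payload usually does.
USER_WRITABLE_RE = re.compile(r"\\(appdata\\local\\temp|downloads|public)\\")


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def is_sensitive_store(path: str) -> bool:
    p = _norm(path)
    return any(r.search(p) for r in STORE_RE)


def score_event(evt: dict):
    """Return (severity, reason) for one event, or None if it is benign."""
    if not is_sensitive_store(evt["target"]):
        return None
    image = _norm(evt["image"])
    exe = image.rsplit("\\", 1)[-1]
    from_user_dir = bool(USER_WRITABLE_RE.search(image))
    if exe in BROWSER_IMAGES and not from_user_dir:
        return None  # the browser reading its own profile
    if from_user_dir:
        return ("high", f"{exe} running from a user-writable path read {evt['target']}")
    return ("medium", f"non-browser process {exe} read {evt['target']}")


def detect(events: list) -> list:
    """Group hits per process; several stores in one batch is the stealer pattern."""
    hits = defaultdict(list)
    for evt in events:
        s = score_event(evt)
        if s:
            hits[evt["image"]].append((s[0], evt["target"]))
    alerts = []
    for image, items in hits.items():
        high = any(sev == "high" for sev, _ in items) or len(items) >= 2
        alerts.append({
            "image": image,
            "severity": "high" if high else "medium",
            "files": [t for _, t in items],
        })
    return alerts


# Constructed events: Chrome touching its own profile (benign), a payload
# extracted into Temp sweeping three stores, svchost.exe touching Edge's
# payment store, and Chrome reading an unrelated file.
EVENTS = [
    {"ts": "2023-04-11T09:01:02Z", "op": "read",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2023-04-11T09:07:40Z", "op": "read",
     "image": r"C:\Users\alice\AppData\Local\Temp\ChatGPT_Desktop\ChatGPT.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"ts": "2023-04-11T09:07:41Z", "op": "read",
     "image": r"C:\Users\alice\AppData\Local\Temp\ChatGPT_Desktop\ChatGPT.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2023-04-11T09:07:41Z", "op": "read",
     "image": r"C:\Users\alice\AppData\Local\Temp\ChatGPT_Desktop\ChatGPT.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data"},
    {"ts": "2023-04-11T09:30:00Z", "op": "read",
     "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Web Data"},
    {"ts": "2023-04-11T09:31:00Z", "op": "read",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["severity"].upper(), a["image"], len(a["files"]), "store(s)")
```

Matching on the process image alone is not enough, because a stealer can name itself chrome.exe; that is why a "browser" binary running from Temp or Downloads is treated as hostile rather than allow-listed.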
The team adds, "Organizations can significantly reduce the likelihood of a successful attack by implementing these best practices and educating employees on the risks."