Friday Five 12/9
New, dangerous forms of malware made up this past week’s top headlines. Read the latest on these threats and more in this week’s Friday Five!
NEW ZEROBOT MALWARE HAS 21 EXPLOITS FOR BIG-IP, ZYXEL, D-LINK DEVICES BY BILL TOULAS
A new Go-based malware known as Zerobot, which aims to add compromised devices to a botnet to launch powerful distributed denial of service (DDoS) attacks, was spotted this past November using exploits for a whopping 21 vulnerabilities across various network devices. The new malware is reportedly capable of scanning affected networks, self-propagating across adjacent devices, and running commands on Windows or Linux. Since its discovery in November, a new version has also emerged.
NEVER-BEFORE-SEEN MALWARE IS NUKING DATA IN RUSSIA’S COURTS AND MAYORS’ OFFICES BY DAN GOODIN
Russian courts and mayors' offices have been targeted by pinpoint attacks from a never-before-seen malware now known as CryWiper, a wiper malware that poses as ransomware and permanently destroys data on infected systems. Rather than encrypting data like ransomware, CryWiper has been found to permanently corrupt files by overwriting data, and “an analysis of the Trojan's program code showed that this was not a developer's mistake, but his original intention.” Read the full story from Ars Technica to learn how network engineers have been advised to take precautions.
CHATGPT SHOWS PROMISE OF USING AI TO WRITE MALWARE BY ELIAS GROLL
Brendan Dolan-Gavitt, a security researcher and assistant professor in the Computer Science and Engineering Department at NYU, investigated this past week whether or not ChatGPT, OpenAI's artificial intelligence chatbot, can write malicious code if instructed to do so. To the researcher's surprise, when the chatbot was presented with a simple capture-the-flag challenge, it recognized a vulnerability and wrote a piece of code exploiting the flaw. The model would have solved the problem perfectly had it not been for a minor error, and when prompted to re-examine the answer, ChatGPT got it right. “If not ChatGPT, then a model in the next couple years will be able to write code for real-world software vulnerabilities,” said Dolan-Gavitt.
ANDROID PHONE MAKERS’ ENCRYPTION KEYS STOLEN AND USED IN MALWARE BY LILY HAY NEWMAN
Google found this past week that a number of digital platform certificates used by Android device manufacturers have been compromised and have already been abused. While there is still no evidence that suggests any malware has made it to the Google Play Store, the abuse of these compromised platform certificates reportedly would allow an attacker to create malware with extensive permissions that does not need to trick users into granting them.
IRAN-BACKED HACKERS LINKED TO ESPIONAGE CAMPAIGN TARGETING JOURNALISTS AND ACTIVISTS BY CARLY PAGE
In their recent analysis, Human Rights Watch found that an Iranian-backed hacking group, APT42, is responsible for an ongoing social engineering and credential phishing campaign on WhatsApp. Targets are reportedly receiving messages from someone pretending to work for a think tank based in Lebanon who then sends a malicious link that steals the targets' email passwords and authentication codes. The targets have been found to be mostly comprised of human rights activists, journalists, diplomats, and politicians.